Password performance anxiety – a recurring nightmare in the internet age.

What was that password again?

You know the feeling.  You click on a website, one you have not used in a few weeks.  You break out in a cold sweat as the website asks you to enter your user name and password.

“Which user name did I use?”  “What was that password again?”

Each one of us has between 20 and 150 user names and passwords to remember.  How could that be, you ask?  Well we each have a bank, or two, or five.  We have Facebook, Twitter, Linkedin.  We have Amazon, Ebay, Barnes and Noble.  Our ftp password, Dropbox, the company logon at our job, Gmail and Yahoo sign-on. Brokerage firms, 401k or IRA plans,. our dentist, our doctor, Snapfish, the health insurance site, university alumni organization, student loans, several airline frequent flyer sites, Netflix, Cable TV, Our wireless carrier, utility, and countless retailers and department stores.  The list goes on and on.

To make matters worse, some sites require special characters for user names and/or passwords.  Some do not permit these characters.

Some sites require a password greater than 6 or 8 characters.  Others consider these to be maximum lengths you cannot exceed.

Some sites require both numbers and letters.  Other sites permit only one or the other. ATM codes are a great example of numbers only.

Some sites are case sensitive and require some letters of each case.  Others do not.

Some sites REQUIRE you to change your password every few months.  Others do not

Truthfully, as I recount the various requirements and differences, I too am breaking into a cold sweat.

How then, do we manage our user names and passwords?

An essential part of online life, but are there alternatives?

Before we begin to suggest answers, we can all agree that the effective use of passwords is an essential part of our online life.

Technological innovations

Well, there have been discussions about replacing passwords with voice recognition, or finger prints, or retina scans.  But these innovations are a ways off.  And they have their shortcomings as well.

On more than one occasion, my son or daughter or wife has asked me to sign on to one of their accounts to retrieve some information or enter a transaction on their behalf.  With these proposed types of passwords, our ability to help out those who are close and trusted would not be possible.

Password keeper software

If you were to key the above 3 words into a Google search, you would see countless pages of software that enable you to enter passwords into a local or internet database that is, itself, password protected.

But who among is us is looking to buy yet another software tool?

And we want to be sure that this tool is accessible from our office computer, home computer, tablet, and smartphone.  If the software is accessible from all these locations, we assume that the software is located in the cloud.  And if this is the case, how do we ensure that the password keeper itself will not be compromised.

Nowadays, many sites require us to know more than our password.  We need to remember answers to bizarre questions such as which hospital our maternal grandmother was born in or what the middle name of our best friend in kindergarten was.  This information needs to be stored someplace as well.

Lastly, we would want this password keeper software to be usable by other members of our family.  By this we mean that they should be able to store their own passwords.  We also mean that we want them to have access o our passwords if we want them with our permission “borrow” to access our account.

60 days are up, time to change your password… or else!!

There are two schools of thought regarding the need for frequent, required password change.  Of course, there is some truth to both schools.

The good thing about required password changes is that if a user is no longer active at all, the account is more likely to be unusable.  In addition, there are those who believe that frequent password changes will foil hackers and others with ill intent.

However, the reality is that when sites require frequent password changes, the user makes the minimal change to the password each time.  570test for example becomes 571test, 572test, 573test for each successive change.  What’s worse, the users tend to write the password down in a place that is easy to find.  I have even seen users write down the password on a post-it note and stick it to the computer monitor.  So much for improved security.

Like socks, one size fits all

Some users will try to use one password for ALL websites.  This would certainly make the password easier to remember.  But is this practical?  And is it secure?

From a standpoint of practicality, the syntax requirements of various websites make this idea not workable.  There are too many different requirements from one website to another.

As for security, there are those who believe that one password would give a clever hacker unlimited access to all of our financial and internet life.  There is considerable truth to this.

My favorite solution, the root password approach

We now find ourselves at the end of the Blog with a thorough understanding of the password issues.  This would be the perfect time to propose a relatively simple, straight forward solution to the password conundrum.  And we shall proceed to propose one here.

The key to our password solution is to identify 2 or 3 different “root” numbers, one of which you can imbed into any one of your passwords.  For example, three possible root passwords could be:

the month and day of your grandmothers birthday,  e.g. 0327

the address of your dorm building  in college,    e.g. 4815

the license plate number of your first car.  BSG431

You can incorporate any of these “root” numbers into anyof your passwords, and even write them down.  But when you write them down, you don’t use the literal “0327”.  You abbreviate it as “BD”.  For example, your password to might be pur0327ch.  When you write it down, you write it as purbdch.

In this way, you can write down each of your websites, account numbers, user names, and passwords. You can even  write the 2 or 3 or 6 questions and answers that web sites require for additional authentication.  My suggestion here is to write down that answers only, not the questions.

But where do you write them down?

The most secure place is to handwrite them on paper and store them manually.  The difficulty here is that you want the most current password every place you use your computer.  At work, at home, your phone.  Another problem is that over time, the hand-maintained copies will not all share all of your password information.  Another problem is handwriting – and mine is not good. I do not advocate this approach.

The next alternative is to type them into a Word document and store them on the local drive of your computer.  The difficulty here is that you want them accessible at home and at work and on your phone.  And when a password changes, it must be changed on every copy.  If you have different copies of this file, my suggestion is to designate one of the copies as the master file.  And only make changes to this master copy.  You can then copy the master to the other files.

Incidentally, you should always password this document that stores the other password information.   This provides another level of security.

Some final words of advice

Do not store this file that contains passwords on a notebook computer, flash drive, tablet or other portable device.  If you must store it on this device, make sure that the file is itself password protected.  And remember this password.

Passwords can contain upper/lower case, numbers, letters, and special characters ($, %, #, etc. )   Always choose at least 2 of them.  I have a personal preference, but I will not share it here because this would give readers of this Blog the inside track on my personal approach to security.

Final bit of advice, be diligent in the maintenance of your list of passwords.  This is the key to overcoming password performance anxiety.

How you can benefit from cloud computing

You hear it from all directions – Cloud Computing is the Future.  But what is Cloud Computing, and how will it affect your business?

Narrowly defined, Cloud Computing is the use of servers accessed over the Internet.  Rather than housing a dedicated computing facility at your location and at considerable fixed cost, someone else will do it for you.  Cloud computing is typically paid for on a monthly subscription or pay-per use basis.  Because you are sharing the costs with dozens, or hundreds, or thousands of other cloud customers, your proportional cost of the total cloud solution is a fraction of what comparable services would cost in your dedicated environment.

Once you sign the contract with the cloud hosting provider, you will instantly have access to the following benefits:

  1. Increase your computer capacity incrementally as needed.  In essence you replace your fixed cost with a variable cost.
  2. Replace fixed cost software licenses with monthly license fee amounts that are a fraction of the total license cost.
  3. Rely on the cloud host to provide firewalls and security at a lower cost with capabilities that far exceed that which you could do on your own.
  4. The cloud hosting facility will provide reliable backup services.
  5. The speed of the communications line provided by the host typically exceeds that which you can provide on your own.
  6. The specialized staff and cost of this staff that is required to run your data center is largely eliminated.

An appropriate analogy is that when you build a house, you do not include an electric generation plant in the basement or garage (granted that during severe thunder storms it is nice to have a portable generator handy).  You let your local utility provide the power. Similarly, companies will gradually begin to migrate their business applications to the cloud.  Over time, as more and more applications become cloud-based, the proprietary data centers will diminish in size.

You might be surprised to learn that and IBM are two of the largest cloud-based providers in the world.  So this is not some fringe segment of the IT industry.

In addition, some forward-looking software providers have eliminated the buy and install software task altogether.  We are seeing companies like and offer their software exclusively on a cloud basis.

How can your company harness this cloudburst?  Which of your applications are candidates for the cloud?  Where are these cloud resources and which ones are the most reliable?  How will these applications talk to the rest of your business systems?

Like all things IT, there is a gap between concept and reality.  At Business Logic, we can help you manage your cloud.  In so doing, we can help you to maximize the benefit and value of cloud computing to you and your organization.

So if you are wondering how SaaS differs from PaaS, if MSP is better for you than UC, give us a call.  We can make sense of it all, and help you translate acronym confusion to bottom line results.

Why spreadsheets are costing you money

In the early days of computing, the spreadsheet was the original killer app.  This was the tool that improved productivity for countless financial and accounting professionals.  Through its efficiency and flexibility, the spreadsheet became the Swiss army knife of computer applications.  When nothing else fit the task, one could always shoehorn the results into a spreadsheet and quickly refine the equation and arrive at the desired results.

But when we look closer we see that the very flexibility that the spreadsheet exhibits becomes an obstacle to more disciplined and structured solutions.  Let’s see how.

1. With spreadsheets, there are no audit trails.  How do we verify if an important adjustment is reflected in the sheet?

Financial statements and schedules are always changing.  There are corrections, adjustments, offsets and a myriad of other changes that need to be entered and reconciled to previous versions of the financial data.  Spreadsheets are highly regarded for their flexibility.  But they are not good tools to track changes over time or to highlight adjustments or changes.  For example, has the traveling expense been included in the current version of the sheet or not.

Significant amounts of time are necessary to verify and reconcile financial data when maintained in spreadsheet form.

2. Spreadsheets lose their historical perspective – What version am I looking at?

In reviewing spreadsheet results, there are always questions related to versioning.  Does the spreadsheet you are reviewing on Tuesday contain the same data as the one you were working with last Thursday.  How do you verify that they are the same?  And, if they are not the same, how do you find the differences?

3. As the number of clients or accounts grows, where are the economies of scale?

A financial company has 4 clients.  Records for each client are maintained in an elaborate, multi-tab spreadsheet.  In reality, each of the client spreadsheets has similar formulae or equations that produce the results.  But how do we know that the math is identical on each of the 4 sheets.

Now, as the financial company becomes even more successful, the 4 clients increases to 34 clients.  And the spreadsheet tabs increase from 4 to 34 as well.  The problems of verifying results and realizing economies of scale become even more pronounced.

4. Spreadsheets make delegation of work much more difficult.

An important and valuable feature of a spreadsheet is the ease with which a new idea can be modeled and refined.  But once completed, as daily, weekly, and monthly data are added, the desktop process turns into a production environment.  At this point, the creator of the spreadsheet wants to delegate the ongoing data entry and maintenance to an employee or associate.

However, with spreadsheets, it is difficult to delegate work because there is a strong likelihood that inadvertent mistakes will be made by other spreadsheet users or maintainers.   In fact, it frequently occurs that the originator will spend more time trying to correct an error made by others than the originator would spend to perform the production tasks in the first place.

So we see, spreadsheets make it even more difficult to delegate work.

5. How do you validate the calculations and ensure they are applied EVERYWHERE?

With spreadsheets, the calculations are repeated for many cells in a column or many cells in a row.  When rows or columns are added or removed, care must be taken that all of the calculations are still correct.

To make matters worse, if we have 34 similar but different spreadsheets, as we do in item 4 above, the problem of uniformity and accuracy rapidly increases.

And if new calculations need to added, how do we ensure that we made them to ALL of the spreadsheets.

6. Loading the spreadsheets can be time consuming and error-prone.

It is often not practical to load data into spreadsheet manually.  Often data is loaded from other sources of information – Corporate databases, Portfolio management systems, cloud-based information systems, etc.  With spreadsheets, this data loading process is a heavily manual process that is highly error prone.

So what is the solution?

Spreadsheets are still the ideal modeling tool.  They are essential to our ability to experiment and refine our mathematical tools.

But once established, the spreadsheet needs to be migrated to an industrial-strength database solution.  Often, the database solution is deployed on the internet or company-private and secured intranet environment.

The database solution addresses each of the shortcomings of the spreadsheet.  It enables you to save thousands of person-hours and tens of thousands of dollars in the conduct of your business.