Password performance anxiety – a recurring nightmare in the internet age.

What was that password again?

You know the feeling.  You click on a website, one you have not used in a few weeks.  You break out in a cold sweat as the website asks you to enter your user name and password.

“Which user name did I use?”  “What was that password again?”

Each one of us has between 20 and 150 user names and passwords to remember.  How could that be, you ask?  Well we each have a bank, or two, or five.  We have Facebook, Twitter, Linkedin.  We have Amazon, Ebay, Barnes and Noble.  Our ftp password, Dropbox, the company logon at our job, Gmail and Yahoo sign-on. Brokerage firms, 401k or IRA plans,. our dentist, our doctor, Snapfish, the health insurance site, university alumni organization, student loans, several airline frequent flyer sites, Netflix, Cable TV, Our wireless carrier, utility, and countless retailers and department stores.  The list goes on and on.

To make matters worse, some sites require special characters for user names and/or passwords.  Some do not permit these characters.

Some sites require a password greater than 6 or 8 characters.  Others consider these to be maximum lengths you cannot exceed.

Some sites require both numbers and letters.  Other sites permit only one or the other. ATM codes are a great example of numbers only.

Some sites are case sensitive and require some letters of each case.  Others do not.

Some sites REQUIRE you to change your password every few months.  Others do not

Truthfully, as I recount the various requirements and differences, I too am breaking into a cold sweat.

How then, do we manage our user names and passwords?

An essential part of online life, but are there alternatives?

Before we begin to suggest answers, we can all agree that the effective use of passwords is an essential part of our online life.

Technological innovations

Well, there have been discussions about replacing passwords with voice recognition, or finger prints, or retina scans.  But these innovations are a ways off.  And they have their shortcomings as well.

On more than one occasion, my son or daughter or wife has asked me to sign on to one of their accounts to retrieve some information or enter a transaction on their behalf.  With these proposed types of passwords, our ability to help out those who are close and trusted would not be possible.

Password keeper software

If you were to key the above 3 words into a Google search, you would see countless pages of software that enable you to enter passwords into a local or internet database that is, itself, password protected.

But who among is us is looking to buy yet another software tool?

And we want to be sure that this tool is accessible from our office computer, home computer, tablet, and smartphone.  If the software is accessible from all these locations, we assume that the software is located in the cloud.  And if this is the case, how do we ensure that the password keeper itself will not be compromised.

Nowadays, many sites require us to know more than our password.  We need to remember answers to bizarre questions such as which hospital our maternal grandmother was born in or what the middle name of our best friend in kindergarten was.  This information needs to be stored someplace as well.

Lastly, we would want this password keeper software to be usable by other members of our family.  By this we mean that they should be able to store their own passwords.  We also mean that we want them to have access o our passwords if we want them with our permission “borrow” to access our account.

60 days are up, time to change your password… or else!!

There are two schools of thought regarding the need for frequent, required password change.  Of course, there is some truth to both schools.

The good thing about required password changes is that if a user is no longer active at all, the account is more likely to be unusable.  In addition, there are those who believe that frequent password changes will foil hackers and others with ill intent.

However, the reality is that when sites require frequent password changes, the user makes the minimal change to the password each time.  570test for example becomes 571test, 572test, 573test for each successive change.  What’s worse, the users tend to write the password down in a place that is easy to find.  I have even seen users write down the password on a post-it note and stick it to the computer monitor.  So much for improved security.

Like socks, one size fits all

Some users will try to use one password for ALL websites.  This would certainly make the password easier to remember.  But is this practical?  And is it secure?

From a standpoint of practicality, the syntax requirements of various websites make this idea not workable.  There are too many different requirements from one website to another.

As for security, there are those who believe that one password would give a clever hacker unlimited access to all of our financial and internet life.  There is considerable truth to this.

My favorite solution, the root password approach

We now find ourselves at the end of the Blog with a thorough understanding of the password issues.  This would be the perfect time to propose a relatively simple, straight forward solution to the password conundrum.  And we shall proceed to propose one here.

The key to our password solution is to identify 2 or 3 different “root” numbers, one of which you can imbed into any one of your passwords.  For example, three possible root passwords could be:

the month and day of your grandmothers birthday,  e.g. 0327

the address of your dorm building  in college,    e.g. 4815

the license plate number of your first car.  BSG431

You can incorporate any of these “root” numbers into anyof your passwords, and even write them down.  But when you write them down, you don’t use the literal “0327”.  You abbreviate it as “BD”.  For example, your password to might be pur0327ch.  When you write it down, you write it as purbdch.

In this way, you can write down each of your websites, account numbers, user names, and passwords. You can even  write the 2 or 3 or 6 questions and answers that web sites require for additional authentication.  My suggestion here is to write down that answers only, not the questions.

But where do you write them down?

The most secure place is to handwrite them on paper and store them manually.  The difficulty here is that you want the most current password every place you use your computer.  At work, at home, your phone.  Another problem is that over time, the hand-maintained copies will not all share all of your password information.  Another problem is handwriting – and mine is not good. I do not advocate this approach.

The next alternative is to type them into a Word document and store them on the local drive of your computer.  The difficulty here is that you want them accessible at home and at work and on your phone.  And when a password changes, it must be changed on every copy.  If you have different copies of this file, my suggestion is to designate one of the copies as the master file.  And only make changes to this master copy.  You can then copy the master to the other files.

Incidentally, you should always password this document that stores the other password information.   This provides another level of security.

Some final words of advice

Do not store this file that contains passwords on a notebook computer, flash drive, tablet or other portable device.  If you must store it on this device, make sure that the file is itself password protected.  And remember this password.

Passwords can contain upper/lower case, numbers, letters, and special characters ($, %, #, etc. )   Always choose at least 2 of them.  I have a personal preference, but I will not share it here because this would give readers of this Blog the inside track on my personal approach to security.

Final bit of advice, be diligent in the maintenance of your list of passwords.  This is the key to overcoming password performance anxiety.

How you can benefit from cloud computing

You hear it from all directions – Cloud Computing is the Future.  But what is Cloud Computing, and how will it affect your business?

Narrowly defined, Cloud Computing is the use of servers accessed over the Internet.  Rather than housing a dedicated computing facility at your location and at considerable fixed cost, someone else will do it for you.  Cloud computing is typically paid for on a monthly subscription or pay-per use basis.  Because you are sharing the costs with dozens, or hundreds, or thousands of other cloud customers, your proportional cost of the total cloud solution is a fraction of what comparable services would cost in your dedicated environment.

Once you sign the contract with the cloud hosting provider, you will instantly have access to the following benefits:

  1. Increase your computer capacity incrementally as needed.  In essence you replace your fixed cost with a variable cost.
  2. Replace fixed cost software licenses with monthly license fee amounts that are a fraction of the total license cost.
  3. Rely on the cloud host to provide firewalls and security at a lower cost with capabilities that far exceed that which you could do on your own.
  4. The cloud hosting facility will provide reliable backup services.
  5. The speed of the communications line provided by the host typically exceeds that which you can provide on your own.
  6. The specialized staff and cost of this staff that is required to run your data center is largely eliminated.

An appropriate analogy is that when you build a house, you do not include an electric generation plant in the basement or garage (granted that during severe thunder storms it is nice to have a portable generator handy).  You let your local utility provide the power. Similarly, companies will gradually begin to migrate their business applications to the cloud.  Over time, as more and more applications become cloud-based, the proprietary data centers will diminish in size.

You might be surprised to learn that and IBM are two of the largest cloud-based providers in the world.  So this is not some fringe segment of the IT industry.

In addition, some forward-looking software providers have eliminated the buy and install software task altogether.  We are seeing companies like and offer their software exclusively on a cloud basis.

How can your company harness this cloudburst?  Which of your applications are candidates for the cloud?  Where are these cloud resources and which ones are the most reliable?  How will these applications talk to the rest of your business systems?

Like all things IT, there is a gap between concept and reality.  At Business Logic, we can help you manage your cloud.  In so doing, we can help you to maximize the benefit and value of cloud computing to you and your organization.

So if you are wondering how SaaS differs from PaaS, if MSP is better for you than UC, give us a call.  We can make sense of it all, and help you translate acronym confusion to bottom line results.