Janie Slaven: LEFT TO MY OWN DEVICES: Resolve to revamp your password environment

Janie Slaven, The Times-Tribune, Corbin, Ky.
·5 min read

Dec. 28—You've cleared out all the wrapping paper remnants. The bounty of leftovers press outward from within your fridge. Naps abound. Now what? Sometimes it seems that the Christmas rush leaves in its wake a void of sorts. We're all likely preparing for Saturday's Ball Drop in New York City or some other fanfare to see off 2022 and bring in 2023. Those preparations keep the festive, holiday season going despite the real reason for our celebration having passed once Christmas, itself, ended.

You might be planning your NFL day on January 1, 2023. You've scratched out just one more list for the year in terms of shopping for the goodies to keep you munching until midnight on December 31, 2022. Then, truly, the season for giving and indulging begins to wane. We have a dry spell, more or less, and that exhaust from the billowing respirations of nonstop holiday cheer and chores might put you at ease. Don't fall for it.

One of the reasons that New Year's Day has become, if arbitrarily, the time to reset surrounds the tradition of New Year's resolutions. This is no Hallmark holiday styled practice. It harkens way back. In ancient Rome, the citizenry gave up sacrifices to Janus, their god for whom January is named. The Jewish faithful reflect during the Day of Atonement, Yom Kippur, which ends their New Year, Rosh HaShanah. They'll show sorrow and seek forgiveness for the year's wrongdoings.

New Year's resolutions, of course, have morphed from religious to the secular. Weight loss, charity, mindfulness and a limitless list of other virtuous behaviors tend to fill modern day resolution's intentions. "Intention" is the right word, too, since we know from various, mostly scientific, studies that around two-thirds of all our good intentions don't get much past the thought and planning phase. Lost weight quickly becomes regained, and then some for many. Bridged relationships start shaking and breaking down again before Easter, if not earlier. Bad habits only sustained scant breaks before becoming part of our daily lives again. There are roads, we know, paved with our intentions.

Now, to the optimist in you, you can see that if two-thirds of well-intentioned New Year's resolutions fizzle out before the bubbly does, that leaves one-third of them intact, at least for some longer duration. Baseball's still months away, and I'm unsure about whether to look forward to the season, as I always am at this time of year being a Cubs fan. Nevertheless, I know that any MLB player wondering about their Spring Training assignment and fate beyond then would be thrilled to carry that .333 average. In other words, accentuate the positive, people, and consider reflecting, planning, intending, and then conducting earnestly a New Year's resolution. By the odds, at least once every three years yours could stick.

I'd be remiss in this column to not continue what has been a New Year's theme throughout my years of writing for you. Not every year, but most, I've tried to encourage you to embrace this tradition, and focus its lens on your cybersecurity health. This is a selfish admonition as much as it is sage advice. After all, you know, or should know, that there are few phenomena shared among all eight billion of us traipsing the big blue marble than our sharing the lanes of the information superhighway. In so doing, we share both the responsibilities and the results of the collective information security and privacy practices that help construct (or destroy) the world wide web. When your cyberspace is safe and secure, you promote the security of mine, and so on. There are no factions. There are no silos. Every time that you read about a hack, breach, or other online shenanigans you might supplant whomever was the victim with your own name. You do not, nor cannot, know how closely that victim might be connected to you, at least in terms of IP addresses, concurrent network travels, or in many other ways that it truly is an internet community.

So, here's the typical, end-of-year advice, yet again. Make as your New Year's resolution a commitment to revamp and improve your entire password environment. With the online activities of the average user—social networking, shopping, banking, school communications, medical records and correspondence, taxes, etc., etc.—it's not just a discussion about "some passwords." Used to be, but those days are gone. There was a time less than a decade ago when I realized it was becoming a "password environment" once I passed around 20-30 of them in my domain. Nowadays, at least according to some recent reports, the average user maintains 70-80 of them. Personally, I decided to not take time to count for the sake of this palaver, but I know without doubt I'm well over 100. That's not unusual, and you might be nodding right now.

Password maintenance should, ideally, be an ingoing activity. It's not. Not even for me, and I'm ensconce in this muck and mire known as cybersecurity. I do fairly well, but can always improve. If you do not even tend to your password environment regularly, now is the time to resolve to change that. Or, at minimum, to take a few hours, which is an honest estimate of the demand you face, and work on them.

All the regular advice follows. Don't use the same password for multiple login credentials. Don't use common words; easily deduced details—e.g., your DOB month and year, mailing address components, kids' names—as parts of your passwords. Do use long passwords, or better yet passphrases, that include some of those wacky characters seldom used in English language.

I cannot here give comprehensive advice, but do your homework and improve the cybersecurity for us all. Take care of that business, and you just might enjoy a very Happy New Year!

Ed Zuger is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at edzugeresq@gmail.com.