Someone sent me a file to review this weekend. I downloaded it from my FTP site then went in to restore it from the backup they had sent. I then entered the password they had forwarded to me. As soon as I did, QuickBooks started displaying the message that it was time to change the ‘Admin’ password because the file is using Credit Card Protections. This means that I must create a new password for the file that has absolutely nothing ‘in common’ with the user. If I were going to be returning the file that might be a complication, but in this case, I will be disposing of the file just as soon as I have run analytics.
But my question is, why do we procrastinate about secure (complex) passwords? It seems like everyone I know looks at the requirement to use a secure password as not just a chore, but almost a nightmare. In reality, the nightmare would probably be NOT using a secure password, not just for our credit-card protected QuickBooks files, but in most of our password-protected applications, including websites.
While I am absolutely certain that ALL the readers of Insightful Accountant religiously use Secure (complex) passwords for all their most closely guarded data, I thought to myself, “I probably should write a little something” about why and how to use this level of security.
As it turns out after a little research, even ‘complex’ passwords are a joke in many cases. Just a couple of years ago a Department of Defense study showed that passwords being used even in secure installations included things like ‘Password01’ and ‘1234567890’ as forms of 10-character passwords. Not long before that, the most common passwords being used on a widespread basis were ‘Password’ and ‘123456’.
Secure (complex) passwords should be a minimum of 8 characters, preferably 10 characters, in length. These passwords should be a random choice of letters, both upper case and lower case, numbers and symbols. Many people substitute numbers for some letters, or some symbols for their equivalent numerals. For example, they will use a ‘0’ (zero) in lieu of an ‘o’ (the letter o), or they will use a ‘$’ (dollar sign) in lieu of the number ‘4’.
You should always avoid creating secure (complex) passwords that are easy to guess. For example, when it comes time to replace a password, DO NOT replace it with a reverse of the previously used password; in other words, don’t reset password “CsR86*&3” as “3&*68RsC”. Never use passwords that incorporate known information like your home address, social security number, or birthday.
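The rules above can be checked mechanically before a new password is accepted. The following is an added example, not part of the original article or of QuickBooks: the function name `check_password`, the small `COMMON` list and the look-alike mappings other than ‘0’ for ‘o’ are assumptions made for illustration.

```python
import string

# Weak passwords quoted in the article; a real check would load a far larger list.
COMMON = {"password", "123456", "password01", "1234567890"}
# Undo look-alike swaps. "0" for "o" is from the article; the rest are assumed.
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "@": "a"})
CLASSES = {
    "lower case letter": string.ascii_lowercase,
    "upper case letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

def digits_of(text):
    return "".join(c for c in text if c.isdigit())

def check_password(candidate, previous=None, personal=()):
    """Return the rules the candidate breaks; an empty list means it passes."""
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in candidate):
            problems.append(f"no {name}")
    lowered = candidate.lower()
    # Strip trailing digits/symbols, then undo swaps: "P@ssw0rd!" -> "password".
    base = lowered.rstrip(string.digits + string.punctuation).translate(UNLEET)
    if lowered in COMMON or base in COMMON:
        problems.append("common password or a simple variant of one")
    if previous is not None and candidate in (previous, previous[::-1]):
        problems.append("same as or reverse of the previous password")
    for item in personal:
        item_digits = digits_of(item)
        # Match the text as written, or its digits with separators removed.
        if (item and item.lower() in lowered) or (
            len(item_digits) >= 4 and item_digits in digits_of(candidate)
        ):
            problems.append("contains known personal information")
            break
    return problems

if __name__ == "__main__":
    # Constructed inputs; the reversed pair is the one given in the article.
    print(check_password("3&*68RsC", previous="CsR86*&3"))
    print(check_password("P@ssw0rd!"))
    print(check_password("Tq#19860314mZ", personal=["1986-03-14"]))
```

Passing every check only shows that a password avoids these specific mistakes; it does not show that the password was chosen at random.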
ALWAYS mix up your passwords; DON’T rely on just one or two passwords for everything. A lot of people make this mistake: they use the same password for their computer, their QuickBooks, their online banking, and all of their major credit cards. The first thing ‘hackers’ do when they break a password is send the password out to everything they can find on the invaded information source to see if the password opens something else.
This isn’t intended to be a ‘treatise’ on all the security concerns or techniques associated with passwords, simply a brief review of some of the more common “don’ts” and important “do’s” when it comes to secure ‘complex’ passwords. Every once in a while it is a good thing to ‘jog our mind’ about this important topic. Hopefully we have gotten you thinking about where you are doing a good job with passwords, and where you need to focus your attention.
IMPORTANT: Don't send us comments about your password, or how you formulate your passwords; that would defeat the purpose of this article in its entirety.