At the recent LITA (Library Information Technology Association) conference, I attended a pre-conference session on technology security in libraries. Blake Carver, the library security professional who presented the talk, had a great deal to say about staying secure on your library computers. He covered topics from password security to server configurations that will help make all of our services more secure. For many of our member libraries, the NEKLS IT team is your IT security team, so getting this information from him was invaluable for our ability to protect you all from the bad guys on the Internet!

One suggestion he made was to use long passwords – really long passwords. He suggested that 24 characters was a good length to aim for. Of course, not everything you have a password for is equally valuable, so short passwords are fine for things that are in no way tied to your identity or your bank account. His recommendation for building those long passwords? Start with something short and memorable, e.g. library, and then pad it out to make it harder to guess, e.g. lNEKLSi12b34r56a78r910y*(. That is a 25-character password that would be difficult (but never impossible) to guess.

Think of it like locking your house or your car: the lock deters thieves rather than stopping them. A thief can always break the window, but most won't; they'll just move on to the next car that isn't locked and steal from that one. In the same way, a long password is a deterrent that makes your account a little bit harder to get into than the next account they try.
Who is going to remember all those characters, though? You can use a password safe like LastPass or KeePass. LastPass connects to your browser to fill in online forms for you; KeePass keeps a database file that can be stored in Dropbox or Box.net for access from any computer that has the KeePass software installed (the software is free and quick to install). Those tools keep you from having to type lNEKLSi12b34r56a78r910y*( every time you want to log into something, but they require you to build a new habit of remembering to use them every time you set up or access an account with a password.
Some other password tips:
- Use at least 1 uppercase
- Use at least 1 lowercase
- Use at least 1 number (and don’t put those numbers on the end)
- Use at least 1 something else (*%$@!_+=)
- Make it as long as you can
- Make it unique
- Use a password manager
- Use 2-factor authentication whenever it is offered (e.g. Gmail)
- Save your most complex passwords for your email accounts – all of your password reset information goes through there, so one email account can give a bad guy access to many other accounts!
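As an added illustration (not the presenter's or NEKLS's own code), the Python below rebuilds the padded example from the post by interleaving padding chunks into a short word, and checks any password against the tips listed above. The chunk list, the rule wording and the 24-character minimum are assumptions drawn from the text.

```python
from __future__ import annotations
import string

# Characters the post lists as "something else", plus the parens used in its example.
SPECIALS = set("*%$@!_+=()")


def interleave(core: str, chunks: list[str]) -> str:
    """Spread padding chunks between the letters of a short memorable word.

    core='library' with chunks ['NEKLS','12','34','56','78','910','*(']
    rebuilds the post's 25-character example (chunk list assumed from the text).
    Any chunks beyond len(core) are appended at the end.
    """
    out = []
    for i, letter in enumerate(core):
        out.append(letter)
        if i < len(chunks):
            out.append(chunks[i])
    out.extend(chunks[len(core):])
    return "".join(out)


def check_tips(password: str, min_len: int = 24) -> list[str]:
    """Return the tips from the post that `password` fails (empty list = passes all)."""
    failures = []
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    digit_positions = [i for i, c in enumerate(password) if c.isdigit()]
    if not digit_positions:
        failures.append("no number")
    elif all(i >= len(password.rstrip(string.digits)) for i in digit_positions):
        # Every digit sits in the trailing run: "don't put those numbers on the end".
        failures.append("numbers only at the end")
    if not any(c in SPECIALS for c in password):
        failures.append("no special character")
    if len(password) < min_len:
        failures.append(f"shorter than {min_len} characters")
    return failures


if __name__ == "__main__":
    example = interleave("library", ["NEKLS", "12", "34", "56", "78", "910", "*("])
    print(example, len(example), check_tips(example))
    print("Library12", check_tips("Library12"))
```

Passing these checks only means a password follows the tips; it says nothing about whether the padding pattern itself is easy to guess, which is why the post still recommends a password manager.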
As a final note, the SANS security organization puts out a monthly security bulletin that is targeted to non-IT people – no jargon, just practical tips for staying safe while on your computer. November’s issue: November 2013 OUCH (PDF) deals with staying safe while shopping online for the upcoming holiday season. This would be a nice thing to offer near your public computers, too – it’s free to print and distribute!
Staying safe online requires a balance between hard-core security and convenience. While most of you won’t be able to change all of your passwords to 20+ character monsters on every account, I do hope that you’ll consider strengthening your most important passwords – the ones protecting your email, your financial information and accounts that have your identity information included. Please feel free to contact any of us at NEKLS IT if you have questions about staying safe or protecting your library’s computers!