Tuesday, November 29, 2011

Get a Cipher. It’s as easy as a walk in the qbsl4.

by Josh Kaplan

At Bletchley Park in England, the centre of Allied code-breaking in the 1940s, British and American personnel broke the Enigma machine, Germany’s main means of encrypted communication. Winston Churchill himself described Bletchley as the secret weapon that won the war.
Bletchley Park, home to WWII allied code breakers

But despite the considerable intellectual and technological resources committed to the unit, the largest contribution to the cracking of Enigma was made by German clerks.

Staff at Bletchley guessed bad code words using intelligence provided by spies and intercepted communications. The code words were often as simple as the name of a clerk’s dog or girlfriend. These educated guesses, when correct, created the framework for breaking the overall code.

60 years later, more advanced technology is available to our teenage children than was ever known at the park, but the Achilles heel remains the same: bad passwords. Lazy, obvious codes that invite chaos in our homes and businesses. Here are some simple statistics from Javelin Strategy and Research:

  • 11.1 million adults were victims of identity theft last year
  • The total fraud amount was $54 billion
  • The average victim spent 21 hours and $373 out of pocket resolving the crime
  • 4.8% of the population was a victim of identity fraud in the last year

The problem, in so many cases, was bad passwords. A list of the 25 worst passwords, recently published by Forbes (http://www.forbes.com), carries only the occasional surprise. You could guess the top 5 with little effort (Password, 123456 and so on), but then that’s why they’re bad passwords.

The problem is that the idea of a password carries a central contradiction. It must be easy to remember but difficult to guess. This is not easy, especially with the number of passwords most of us must carry in our heads. Using the same word for everything is obviously a bad idea, as is committing any of your secure passwords to paper, or to the Word document on your desktop entitled ‘passwords’.

So what’s the answer? A cipher that adds an extra layer of security. For example, kptilbqmbo10 is a good password. Great, you say, but how am I supposed to remember that in a cab to the airport trying to check in online? It’s easy enough. It’s my name: joshkaplan. I’ve used a simple substitution cipher (bumping each letter one up in the alphabet), then I’ve counted all the letters and put the number on the end (10). The result is a 12-character combination of letters and numbers that is far more secure yet easy to remember.

If you’re one of the people who are using your children’s names (Ashley and Bailey are in the top 20), or words like Dragon, Baseball or Monkey – you should switch things up. Using my cipher, Baseball becomes Cbtfcbmm8. Invent your own cipher and try it out. Whatever you do, don’t use this one.
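The recipe above written out as code, together with a check a password policy could run to reject passwords built this way from a common word. This is an added example, not code from the original post; the function names and the small word list (the words named in this post) are assumptions made for illustration, and it goes one step further than the post by covering every shift amount, not just one.

```python
import string

# Constructed sample list: the common words this post names.
COMMON_WORDS = {"password", "dragon", "baseball", "monkey", "ashley", "bailey"}


def shift_text(text, shift):
    """Shift ASCII letters by `shift` places, wrapping z->a and keeping case."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)  # digits and symbols pass through unchanged
    return "".join(out)


def encode(word, shift=1):
    """The post's recipe: bump each letter up, then append the letter count.
    Assumes `word` consists of letters only."""
    return shift_text(word, shift) + str(len(word))


def source_word(password, common_words=COMMON_WORDS):
    """Return (word, shift) if `password` is a shifted common word followed
    by its own length, otherwise None. Intended as a policy check at
    password-change time."""
    body = password.rstrip(string.digits)
    suffix = password[len(body):]
    if not body or suffix != str(len(body)):
        return None  # does not have the word-plus-length shape
    for shift in range(1, 26):
        candidate = shift_text(body, -shift).lower()
        if candidate in common_words:
            return candidate, shift
    return None


if __name__ == "__main__":
    for pw in ("qbsl4", "Cbtfcbmm8", encode("monkey", 3)):
        print(pw, "->", source_word(pw))
```

A password that comes back with a match gains nothing from the cipher, because the recipe is public and there are only 25 shifts to undo; one that comes back `None` only shows its base word is not on the list being checked.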

This kind of cipher won’t get past the guys at Bletchley, but it should be enough to keep your Facebook account safe, and your kids away from Cinemax.