A Frank Discussion About Password Security

beat-a-dead-horseYou, dear reader, are a responsible password user with perfect password hygiene:

  • You always use a password with a mix of letters, numbers and special characters.  You never use a pet’s name, an anniversary date or “password123.”
  • You never write your password down and leave the note in an unsecured location.
  • You never use the same password twice. You would never use the same password for a banking site as an online newsletter.
  • You strictly follow all password policies handed down by your business, organization and other entities.
  • You never enter your password into anything but a trusted login window that you are certain has not been hijacked by a guy named “l33t PETE.”

Congratulate yourself on your mastery and discipline in the area of password security! If you do not adhere to the list above, we have some work to do. Each point above has thousands of cautionary tales. Did you know…

  • Passwords used online since early March have the potential to have been stolen by a HeartBleed attack.
  • Password guessing (brute force) attacks steal millions of accounts on the Internet every year.
  • Insider threats from coworkers and untrustworthy janitorial services can turn that password on the post-it under your keyboard into a disaster.
  • Once a big site like LivingSocial gets infiltrated and has passwords stolen, the hackers turn around and try those same passwords on banking sites, shopping sites, etc.

Your internal dialogue is probably saying, “What’s the big deal with password security? No one wants access to my Facebook page or work email anyway.” Instead of trying to shame you into protecting against a threat that is hard to predict, here are three useful tips that will make you more secure and make passwords a little less awful:

Use a pass phrase and not a password. Instead of  “d0gFLEA$,” use, “My dog ROGER has no fleas!” There is no doubt which one is easier to remember, but which one is more secure? According to the Brute Force Password “Search Space” Calculator, the “dogFLEA$” password could be discovered within 18.62 hours through an online dictionary attack. “My dog ROGER has no fleas!,” on the other hand, would take 47 hundred trillion trillion centuries to discover through an offline dictionary attack. (Note: There are dictionary attacks that would be faster.)

Use a secure password manager. Instead of writing passwords down or storing them in an unprotected file, use one of the many secure password tools like KeePass. As long as the app uses encryption to save the password and makes you enter a password to unlock, it is much better than a post-it.

Separate passwords by the importance of what they protect. Your bank account should have a unique password, as should your corporate email account. If you are going to be lax, be lax with the things that are not important. Perhaps the password for your free newsletter account and the warranty site for your toaster can be the same.

Passwords are an annoying fact of life.  There are better ways to prove to computers you are who you say you are, but that is for another article.

Paul Hirsch is a Senior Network Engineer for Citon Computer Corp. If you have a question for Paul, use the form below. 

Your Name (required)

Your Email (required)

Your Message

IRS Misses Windows XP Expiration Deadline

Even the Internal Revenue (IRS) found itself unprepared to handle the expiration of Windows XP.



Microsoft cut support for Windows XP on April 8, which eliminated support and security updates necessary to keep the operating system secure. Those still running the aging platform were urged to upgrade to Windows 7.

According to TechSpot, 47 percent of Windows desktops and notebooks used by the IRS have been upgraded to Windows 7, leaving the remaining 58,000 Microsoft PCs in need of upgrades.

So, does that leave the remaining 53 percent of IRS operating systems vulnerable to compromise?

Microsoft has indicated it will provide custom support to the IRS until all systems are switched over. However, that service comes at a cost which some have estimated is in excess of $10 million.

According to an IRS spokesperson, “The IRS is working to complete the updates (to Windows 7) by the end of calendar year 2014.”

Have a question for our IT team? Contact us!

Your Name (required)

Your Email (required)

Your Message


What You Need to Know About the ‘Heartbleed’ Bug



(Screenshot heartbleed.com)

The world was hit with the news this week that some versions of a common encryption component used to protect your “secure information” had a serious flaw that gave hackers room to steal private data.

The component, OpenSSL, is used to encrypt your private information as it passes over the Internet, effectively turning your emails, passwords, IM chats and private social media into an undecipherable web of nonsense to anyone else but you and the service on the other side.

The “HeartBleed” bug gives hackers the ability to extract some of that information from sites with the vulnerable version of OpenSSL.

According to Business Insider, developers behind OpenSSL had already fixed the issue before it was announced.  Service providers and businesses will need to apply fixes to servers, a step most large providers have already taken.

But that doesn’t necessarily mean everyone is in the clear.

Security firm Codenomicon, whose researchers played a role in the bug’s discovery, is urging people to change their passwords.  As a security best practice, Citon recommends using different passwords for different types of accounts to protect against this and many other types of attacks.  Switch things up — it’s best not use the same password for Facebook and your online banking account.

(Customer systems covered by a Citon managed service agreement will be checked for HeartBleed vulnerability. Notification will be sent if any patching is needed and Citon will provide guidance on the potential impact.)

Have a few more questions for our IT team? We’re happy to help you out.

Your Name (required)

Your Email (required)

Your Message




Joy on the job?




Every business is different – the goals, services and priorities shift from workplace to workplace. This is what makes our world go round. Businesses work with one another to provide their own expertise, creating a well-oiled machine that fuels the American workforce and creates the communities, cities and country we aspire to be a part of.

Citon fits into that equation as the company that provides area businesses with the IT tools they need to succeed. In doing so, it strives to improve the lives of those it does businesses with – one job at a time.

Joy is the ingredient that transforms good service to tremendous service. It sets companies apart and, ultimately, improves lives and the collective experience.

Take Menlo Innovations, for example. Its CEO and chief storyteller, Richard Sheridan, is the author of a book that addresses this very issue: Joy, Inc: How We Built a Workplace People Love. As a testament to his theory, his company has received numerous awards throughout the years for its dedication to joy in the workplace. It has consistently won the Alfred P. Sloan Award for Workplace Flexibility since 2006, largely in part due to its joy factor.

It’s safe to say Sheridan practices what he preaches – and it works.

Guy Kawasaki, former chief evangelist for Apple and author of Enchantment: The Art of Changing Hearts, recently wrote an article in which he stressed the importance of intentionally creating a joy-filled workplace. Referencing the work of Sheridan, he compiled a list of the key components to a joyful workplace:

Imagine joy. Set out to intentionally build the company and workplace that you want to work for. If you don’t try to build a joyful company, you’ll never achieve one by accident.

Build community. Good attitudes spread. A contagious joyful attitude can spread from your employees, to your clients, and to the community. A rising tide of joy floats all boats.

Foster communication. An open work environment creates natural opportunities for conversation and growth. “A culture that embraces and honors its people with a changeable space encourages serendipity.”

Use storytelling. Engage your clients and visitors with stories of your company and your team. “If you can get the world to start telling your company’s stories, you will reinforce your mission every single minute of every day, even when you’re not in the room.”

Tear down towers of knowledge. One person shouldn’t be so integral to your organization that they can’t go on vacation or has to be on-call all the time. While these could seem like job security, ultimately, it’s too much pressure on one person and the infrastructure.

Design for living. “Whatever you do for a living, design plays a role.” Design helps tell your companies story and should help create the joyful user experience for your brand.

Kill fear. “Fear is one of the biggest killers of joy,” so it holds your team back from making bold decisions unless the bold decisions mirror what management wants. Which, come to think of it, often means they’re not really bold.

Make mistakes faster. “Small, fast mistakes are preferable to big, slow, deadly mistakes.” Create a culture where people can fail and succeed to survive and thrive. A small, fast mistake means you’re learning. A big, slow mistake means you’re dumb.

Rely on discipline. There’s no replacing hard work and accountability for your work. Discipline creates results. Joy and discipline are not polar opposites nor are joy and anarchy the same thing.

Catalyze teamwork. At Menlo Innovation, they work in a pairing system. Each week they switch pairs and maximize the skills of each employee as they rotate through different pairings. This pairing and re-pairing strengthens the whole team.”

Need some joy? Contact us.

Your Name (required)

Your Email (required)

Your Message