ARES Groups and Individuals Should Protect Passwords

The ARRL released a news article recently concerning the hacking of a server in the League’s network late last month. That article can be found here. My professional background is in digital forensic investigations and includes teaching in the Digital Forensics and Cyber Security program at Valencia College in Orlando (Florida), so I’d like to make some cyber security suggestions to readers.

If your password on arrl.org hasn’t been changed since before early 2010, you need to change it now. If your password is newer than early 2010, I’d recommend that it be changed as a precautionary measure. If you’ve utilized the same password on arrl.org and other websites, especially if those other websites are banking and finance related, you need to change the passwords on those sites as well.

Hackers will use passwords from one compromised website to attempt to access the person’s accounts on other websites. Ideally each website that you access should have a unique password; likewise, each email account you have should have a unique password.
Passwords should be made up of a combination of upper case letters, lower case letters, numbers, and symbols including: !@#$%^&*()_+=-.?<>,. (note: not all websites will accept all of those symbols in a password). Passwords should not be easily guessed things such as the names of relatives and pets. The best passwords are random strings rather than names and words and should be 8 characters or longer.

Now the question that this immediately generates is how do I remember dozens or hundreds of random passwords? The answer is that you don’t; you only need to memorize one that is a master password used by software that secures all of the information for all of your email/website accounts. There are many such programs available, both paid and free, that can securely protect your passwords on your home computer, your mobile devices such as smartphones and tablets, and on a flash drive so you can have them available wherever you are.

Because everyone’s needs are different, I won’t advise using any particular solution. I will, however, give you an example of a free solution for PCs that has also been ported to most other platforms. The software is named “Password Safe” and is available at no cost from: http://passwordsafe.sourceforge.net/ (click on the “Download latest version” found on that page to access the program itself). http://pwsafe.org/relatedprojects.shtml has information on ports of Password Safe to other platforms. Again, this is not an endorsement of this program, just an example of what is available.
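The advice above on random, unique, per-site passwords can be illustrated with a short generator. This is an added example, not part of the original article and not code from Password Safe; the site names, the per-site symbol restrictions and the default length of 16 are assumptions made for illustration.

```python
import secrets
import string

# Symbol set quoted in the article; a given site may accept only a subset.
ARTICLE_SYMBOLS = "!@#$%^&*()_+=-.?<>,"


def generate_password(length=16, allowed_symbols=ARTICLE_SYMBOLS):
    """Random password with upper case, lower case, digit and (if allowed) symbol."""
    if length < 8:
        raise ValueError("the article recommends 8 characters or longer")
    classes = [string.ascii_uppercase, string.ascii_lowercase, string.digits]
    if allowed_symbols:
        classes.append(allowed_symbols)
    alphabet = "".join(classes)
    # One character from each class so site composition rules are met,
    # then fill the rest from the whole alphabet.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not
    # always in the first positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def passwords_for_sites(site_symbols, length=16):
    """Map each site to its own password; no password is used twice."""
    result = {}
    for site, symbols in site_symbols.items():
        pw = generate_password(length, symbols)
        while pw in result.values():  # a collision is wildly unlikely; regenerate anyway
            pw = generate_password(length, symbols)
        result[site] = pw
    return result


if __name__ == "__main__":
    # Constructed sample: hypothetical sites with different symbol rules.
    sites = {
        "club.example": ARTICLE_SYMBOLS,  # accepts every symbol listed
        "bank.example": "!@#$",           # accepts only a few symbols
        "mail.example": "",               # accepts letters and digits only
    }
    for site, pw in passwords_for_sites(sites).items():
        print(f"{site}: {pw}")
```

The `secrets` module draws from the operating system's cryptographic random source, which is what makes the output suitable for passwords; the general-purpose `random` module is not.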

One of the Motions I prepared for the July 2014 ARRL Board Meeting was for the creation of an IT Strategic Planning Committee. The committee would be tasked with examining the existing Information Technology operations of the League and creating a strategic plan for addressing current and future needs. The committee would be composed of Directors and Vice Directors having a current background in Information Technology. An edited Motion was passed, directing the Administration and Finance Committee of the Board to study establishing the IT Strategic Planning Committee and provide recommendations to the Board at the January 2015 meeting. I’ll report back when I know more. — ARRL Southeastern Division Director Doug Rehman, K4AC, k4ac@arrl.org
