Let’s not kid ourselves; passwords are a pain in neck. They get in our way when all we want to do is get our work done. Passwords slow us down, and if mistyped enough times can lead to strong language. Nevertheless they are important.
Here’s Why
When you use your office computer to access patient records you are dealing with PHI (Protected Health Information). We now have a federal law, HIPAA, which restricts access to patient records, to the minimum amount of information needed for a worker to perform their duties. There are settings in the computer system that look at your name or user number to determine this minimum level of access. For example, a nurse named Jane may be allowed to see or change any patient information while a receptionist named Terry may be restricted to accessing only appointments.
Example
Imagine that Jane goes to lunch and follows log out procedures but has a weak password. It’s the name of her beloved tarantula “frisky.” Imagine that someone else, called “mischievous person (MP),” sits down at Jane’s computer and logs in as Jane. MP, knowing and hating Jane, guesses that Jane’s password is “frisky.” The computer says “Welcome Jane.” It will allow the MP to access all the records the real Jane is allowed to access. MP can also send nasty emails to Medicare, posing as Jane. Moreover, Jane’s name, not MP’s, will appear in the computer logs. Should any of this activity be discovered, the real Jane is in a bind. After all, it’s her name that the computer records as performing the activity. OK, Now What? How could Jane have prevented this? Easy. She can get rid of Frisky and get a cat (just kidding). She could have created a stronger password. For example, Jane loves Arnold Schwarzenegger. She loves his Terminator movies. She picks for her password “I’llbeback!” It’s eleven characters long and contains punctuation. It’s easy to remember and easy to type. When she’s required to change it in four months she puts a “3” in place of the “e.” Now it’s even stronger. Terry, the receptionist likes Jimmy Buffet. She likes the song “Cheeseburger in Paradise.” She picks “Bigmac&B3ech.” It’s actually fun to think them up. You could use book titles, bible references, or any of a million other interests you may have.
By the way, the number of possible combinations for a password with twelve case sensitive letters, numbers and punctuation is 540,360,087,662,636,962,890,625!
What Not To Do
Here are characteristics of weak passwords
- Contains less than eight characters
- A word found in a dictionary (English or Foreign)
- A common usage word such as: Names of family, pets, friends, characters, etc.
- Computer terms and names
- Birthdays or other personal information
- Word or number patterns
- Above spelled backward, or with a preceding or following digit.
