by Carissa Carissa No Comments

The Password Is…….”Secure”

At some point, we’ve all experienced that dilemma that comes with choosing a new password. Whether the account is for access to business data, personal financial data, or private resources, we’re left with trying to decide if we should provide a weaker password that is easier to remember or a stronger password that we are more likely to forget in the name of protecting our data. If you continue to face that quandary as you define new accounts or change your passwords, here are a few things to consider that might help in defining secure passwords that can be used effectively.

First, all passwords should be at least eight characters in length. Simple math logic dictates that in general, the longer a password is, the harder it will be to guess for any attacker. A common practice for making long passwords easier to remember is to use a pass phrase. You can use the first letter of each word in a phrase, a song lyric, or a favorite quote to create easy to remember yet non-sensical passwords. “Four score and seven year ago, our fathers brought forth” can become “Fs&7yaofbf” – which is a ten character password that can still be remembered and recreated after you have finished reading this refresher.

Second, all passwords should contain a variety of upper/lowercase letters, numbers, or special characters. Using this tip to expand the number of possible values within the password can make passwords considerably harder to compromise. Consider that a password of “password” and a password of “Pa$$w0rD” are both eight character passwords, but clearly one will be harder to compromise than the other. It is much harder to brute-force attack an eight character password that has almost one-hundred different options for each character than a password of the same length that has only twenty-six options for each character.

Third, a common expression in password management is that you should treat your passwords like your toothbrush – “never share it with anyone and change it regularly.” The problem with sharing a password, whether for support or to allow someone to temporarily use your system, is it provides potential malicious users with insight into the personal pattern you use for creating passwords. If you share that your secure password is MyDogI$R3x, then it becomes worth noting to the malicious user that you have decided at least once to tie a password to the name of a pet. If you have reused that password on other systems, or used a similar process to create other passwords, the process of guessing becomes much easier.

Lastly, there are several common sense points worth reiterating when it comes to securing passwords.

  • Do not write down your passwords. If you need to store seldom used passwords for future reference, use a free encrypted password storage utility, such as Passkeeper.
  • Do not use dictionary words, your username, or family names as a base for your password.
  • Do not use any of those taboo categories supplemented with just a number at the front or back of the word to try to make it more secure.
  • Do not send your password via email. Of course, this overlaps with never sharing your password with anyone, but is important enough to mention again.While no method for creating passwords manually will be as secure as random One-Time Passwords (OTP) that many people have used for access to more secure systems, following those simple guidelines can help to minimize risk, help you remember secure passwords, and move you along the path of having better security habits.

For more information regarding Best Practices in password security or the One-Time Security (OTP) options, please contact your Keller Schroeder Senior Account Manager.

by Carissa Carissa No Comments

A Slacker in the Ranks? Search Engine Optimization

You have a web site, but is it working hard for you? Do you know how much of it is being used and by whom?

  • How many visits is my site receiving?
  • How many visitors are coming from search engines (e.g. Google) vs. directly or from other sites?
  • From which countries, states, and cities are they coming?
  • Which pages in my site are receiving the most attention? The least attention?


Many web site hosts offer statistics you can access to answer some of these questions — be aware that some include web crawler activity in their numbers, which skews the results. For crawler-free reporting and additional answers, there are other tools. One, which is free, is Google Analytics. It has a nice user interface.All you have to do is sign up and add a little script, which Google provides, to your common page footer. Analytics will then start collecting data and you can start viewing information. Once you build some history, you can get answers and then take steps to optimize your site for your offerings and your target market to make it work harder for you.Click here for a couple of quick, slacker-revealing things to try, as well as information about Keller Schroeder’s Search Engine Optimization (SEO) services. If you are not responsible for your organization’s web site, consider forwarding this article along.

Contact Ray Pritchett at (812) 474-6825 ext. 348 for assistance in setting up Google Analytics or optimizing your site for search engines.

We welcome the opportunity to work with you.

by Carissa Carissa No Comments

Project Management: Change Control

One of my favorite quotes is: “Nobody likes change but a wet baby!” How true…We all have some area of our life that we just do not want to change. As a project manager, we can like change or hate it, but one thing is for sure — we better manage it well. Managing change requests is a commonly mishandled area in the project lifecycle. Let’s take a look at some considerations.

Sometimes a project team member will forge ahead with changes to the scope of a project, large or small, wanting to “super-please” the change requester or a stakeholder. This is great until the project comes in late and over budget, with no documented change requests. No one likes working hard for weeks or months only to be under-appreciated because changes were not documented. So the next time you manage a project, coach your team to engage you to handle change requests or teach them how to handle the requests and report them to you.

TIP #1: Initiate change control
In addition to the actual request, document the date of the request, the requestor, and the priority and business considerations. Explain that the team will look at the request and that the request will be approved, postponed, or rejected by the stakeholders. And that they will be informed of the result.

To properly discuss a change order with stakeholders, you must determine the impact on such things as the schedule, resources (i.e. dollars), quality, and risk. For instance, you might say that Joe in Accounts Payable wants to add a report, which will cost $800 and will not impact the go live of the project. You will want to convey to the stakeholders the priority and business considerations gathered at the time of the request.

TIP #2: Have stakeholders approve or reject change requests
Stakeholders should make the decision. As a project manager, it is your job to equip them with the additional cost, change in schedule, etc., and then let them decide how they want to proceed.

TIP #3: Make a list of small items
When asked for multiple small changes (together or over a period of time), write them down and batch them together. Multiple small changes can wreak just as much havoc on schedule and budget as a large item, and yet they often are the culprit of overages because it is just one small change, then another, then another. Let the requestor(s) know that you are building a list of small changes that will not be overlooked, but avoid the temptation to address them immediately.

TIP #4: Include a change order log in your status reporting
I am an advocate of weekly status reporting to stakeholders for most projects. I include things like progress vs. plan (schedule and estimate), key items, and a change order log. The change order log should list each change requested, the date and who requested it, the estimated effort, and whether it has been approved or rejected, so that all stakeholders see the changes. This greatly reduces missed expectations at the end of the project, as well as that lousy feeling of being under appreciated.

Dan Ehrhart
V.P., Application Solutions

by Carissa Carissa No Comments

Introducing our Microsoft SharePoint Blog

Are you faced with the challenges associated with propagating information to your remote workers or business partners? Does your organization struggle with organizing or finding valuable information? Are you tired of dealing with multiple versions of a document floating around in your organization? Are you in need of a corporate knowledge sharing and collaboration strategy? Maybe you should consider SharePoint, the most widely adopted portal and collaboration product on the market today.

Keller Schroeder is a Microsoft Gold Certified Partner with competencies in Advanced Infrastructure Solutions, Data Management Solutions, Custom Development Solutions and Information Worker Solutions. In addition to our years of experience with .NET, Office development and SQL Server, we are also your local SharePoint expert – having staff who have specialized in SharePoint since late 2005. Our SharePoint experts have recently created a blog to share some of our SharePoint insights. On our blog you will find information suited for SharePoint developers, administrators, power users and information workers. Our SharePoint blog is a great way to stay in touch with things we have recently done with SharePoint and to find information that is useful to your organization.

Please visit our SharePoint blog at the following URL: sharepointblog.www.kellerschroeder.com

Add the site to your favorites, sign-up for email updates or subscribe via your favorite RSS reader. Your comments are always welcome on our blog posts as well.