Talking about security can be the “third rail” of computer systems. As a committee, we wanted to share a few things about security nevertheless. It is important and the ANA has made security an integral part of our technology plans.
It is no secret that the Internet can be an unsafe environment. Big news stories have shown us what can happen when retailers and e-commerce websites are attacked. Cyber criminals have defeated major companies with bad outcomes for their
customers. It is important to be proactive and not wait for disaster to strike.
The ANA’s objective is to never lose control of information you entrust with the ANA. In order to serve you and provide an increasing number of membership benefits, the ANA stores information about you including your address and your invoices with the ANA. The ANA is dedicated to protecting this information with the utmost care. This commitment is not new; the ANA has always chosen to not share your information with third parties (all mailings are done in-house on behalf of the sponsoring company) and has taken substantial efforts to protect electronic information. The ANA has also taken specific steps to secure your information on new website and all associated computer systems.
As the ANA has taken steps to move more operations online and accessible for all members, the Board of Governors, ANA Staff and the Technology Committee have made security a priority. We started with a top-to-bottom security audit that resulted in our proactive security plan as we move to new systems. The ANA has chosen security measures that allow the ANA to be good stewards of member information including when it is accessible online. We have implemented many security measures that are mostly invisible but are all very important.
The most visible change to the membership may be our new password requirements for online access. Because your login on the ANA website is tied to your full membership record, we are requiring that you create a strong password to protect that information. To take that protection a step further, no one can ever see your password. This means that nobody at the ANA, including contractors working with the ANA or the Technology Committee, can tell you what your password is if you forget it. If you forget your password you can ask for it to be reset. Instructions will be sent to the email address in your member record so that you can change the password yourself.
Keeping your password private and having strong passwords are important steps to protect your membership records from the online criminals. The ANA understands that strong passwords are harder to remember, but as the key to your membership information, it is important that this key be reasonably strong to lock your information.
Picking a Strong Password... think “Phrase”
If you are having difficulties creating a strong password maybe you should not think of a pass "word" and consider a pass “phrase.” Since phrases are not in the dictionary (attackers use words in the dictionary to try to guess passwords) and you can create a phrase that is meaningful to you. For example, if you like gold dollars coins, you might think that it would be nice if there had been an 1891 gold dollar (1891 being the year the ANA was founded). Using that information a good, very hard to guess, password would be Gold$1891. This would be considered a strong password because it has at least one UPPER CASE letter, and at least one symbol ($) and at least one number. However, please do not use this as your password since it could be on an attacker's list to guess now that it has been published here.
Regardless of what you have heard about passwords, the Technology Committee does recommend that you write down your password and store it in a safe place. You might use abbreviations that make it harder for others to understand what you write down. Writing down a strong password and protecting that piece of paper like you would protect any important document helps keep your information safer than a weaker password. If you do not feel comfortable writing down your password you could consider using a program that securely stores passwords. Not only will these programs secure your password and assist you with entering them when you are online, but they can be used to create very secure passwords that you do not have to remember. All you would have to remember is the one password you created to protect the password vault. Two programs that are recommended are LastPass (lastpass.com) and 1Password (agilebits.com/onepassword).
It is unfortunate that there are those on the Internet who want to do harm to others and we are sympathetic to the additional pain this creates. The ANA needs to be able to serve you online but also be good stewards of the your personal information. The ANA is using the best tools available to do this.
Ultimately, our objective is that the ANA protects your personal information so you can decide who you share it with, not the ANA.
Our ANA Technology Advisory Committee members hope to see many of you at our Money Talks session in Chicago. We’ll do introductions and a short presentation and then mostly be an open forum for comments and questions. We are scheduled for Tuesday August 5 at 4pm. Please join us if you can!
James serves as the Chair for the ANA Technology Advisory Committee. James is an engineer at Intel Corp. in Oregon, and is a well-known author of technical books who has worked in the field of supercomputers for 27 years. James is an avid coin collector, life member of the ANA, VP of the Pacific Northwest Numismatic Association and Webmaster for the Willamette Coin Club (Portland, Oregon).