It’s early Saturday morning, the dealership just opened, and a nicely dressed, middle aged man and woman pull a car onto the service drive. The dealership’s service advisor walks out and greets them, where they inform the advisor that they have an appointment to have an oil change service performed on their vehicle. The advisor checks their vehicle in, and politely escorts them to the waiting area, where comfortable chairs and hot coffee awaits. The advisor then instructs them to make themselves at home, as they will be notified as soon as their service is completed and their car is ready.
But the couple isn’t there for the coffee, or really the oil change for that matter.
The couple meanders out of the waiting area over to the showroom. They pass the receptionist who kindly asks the couple if they need any assistance. The man answers no thank you in a soft tone and says that they are just in for service, and just passing time till their car is ready. The receptionist nods and turns her attention away from the couple, and then answers a call coming into the switchboard.
Faint sounds of laughter can be heard coming from an upstairs area of the dealership. It’s the Saturday morning meeting, and the entire sales force is in attendance. As such, the showroom is completely empty. “It’s time” the woman says. “Agreed” responds the man.
The couple wanders just out of sight of the receptionist, where the man then proceeds down a short hallway right into the sales office. The woman keeps watch at the end of the hallway. He sits down at the sales desk and moves the mouse connected to a desktop computer. A password box appears. He then takes a laptop out of his briefcase and connects a cable from the laptop to the front facing USB port on the desktop computer. He launches a program and random characters immediately begin to scroll quickly across the laptop screen. One character at a time, then two, then three, then four. At the same time, the same number of random character are flashing quickly on the desktop computer screen in the password box. 19 seconds later, as the laptop is now displaying seven random characters it stops. He clicks submit in the password box and the main screen instantly appears on the desktop computer. “We’re in” he says. “What was it” she responds. “1carguy” he says. “Too easy” she replies, and they both smile deviously.
Could this scenario happen in your store?
While this may sound like a scene from a James Bond movie, technology like this really exists, and many of these password discovery tools are widely available for download for free right off the Internet. No advanced computer skills required.
So what can you do to better protect your dealership’s computer password from being compromised?
The best method is to actually make the password longer and more complex. Shorter passwords are easier to remember and quick to type, but as such they take less time to be compromised.
Here’s some approximate discovery times for a password that just contains lower case letters and numbers:
1 Character: 0.0000000025 seconds
2 Characters: 0.000000324 seconds
3 Characters: 0.000011664 seconds
4 Characters: 0.000419904 seconds
5 Characters: 0.015116544 seconds
6 Characters: 0.544195584 seconds
7 Characters: 19 seconds
8 Characters: 11 minutes
9 Characters: 7 hours
10 Characters: 10 days
11 Characters: 1 year
As you can see, a basic six character password, the minimum number that most programs will allow, can quickly be compromised by one of these tools in just over half a second. So the longer you can make the password, the tougher it essentially is to be compromised.
But let’s take it a step further and add some complexity. Using the password is 14me24you, a basic 9 character password, it would take one of these tools about 7 hours to discover. And in the scenario story above I’m sure the couple would have given up long before then out of fear of getting noticed and arrested. If you add in some non-alphanumeric characters like * to your password more complex, 14me*24you* would take approximately 48 years to compromise. If you then mix in some uppercase letters, 14Me*24You* that password would take approximately 4 thousand years to compromise based on current technology.
While I recognize that the password examples described above might not be the easiest to remember or type quickly, there are other ways that you can achieve a similar result. One way to accomplish a long, easy to remember password is by making it a phrase. The basic password phrase I sell cars! can take over a million years to compromise, as the uppercase letter, the non-alphanumeric character, and the spaces can really make it almost impossible for these type of password discovery tools. Many programs won’t allow spaces in passwords though, but using the exact same phrase without the spaces, Isellcars! will still take approximately 14 years to discover by one of these tools.
The most important thing you can do to protect the customer data contained on, or accessible by your dealership computer is to secure it with a strong password or password phrase. Your computer password is essentially the gateway to all the other programs used on a daily basis in our industry. The DMS, the CRM, appraisal programs, credit reporting programs, deal submission programs, the list goes on and on. And in all too many cases, these programs are launched and left running all day just sitting on your dealership’s computer screen. If you’re not in the habit of logging out of these programs whenever you step away from your computer, then it’s a also good idea to have your computer re-prompt for your password immediately after the screen saver is started. This way if you have to step away and the screen saver is started, your machine will be protected until you return and re-enter your primary computer password.
Lastly consider this, if you’ve ever purchased a car from your dealership, or ever had your personal vehicle serviced there, then you’re a customer too and your own personal information is accessible from your dealership computer as well.
Would you want your personal information winding up in the hands of that seemingly innocent couple?