How Secure is your password?

How secure is your password? Our guess is: not very. A secure password is often the cheapest, easiest-to-implement measure in your business’s security defences. But, like any defence, it takes knowledge and practice to use passwords deftly and successfully. Here is how you can help your employees create passwords that are usable, memorable and secure.

Always change a pre-supplied password. Many applications and products come with vendor-provided default passwords such as “administrator” or “password”. Using these defaults is about as effective as using no password at all, and it often leaves gateways into networks, applications and software wide open.

How long a password?
A password should be at least eight characters long; the longer the better, but not so long that it becomes easy to forget.

Don’t use everyday names or words. Names and words, in English or any other language, can be identified quickly by software that scans dictionaries at high speed and guesses passwords from them.

Don’t use your user account name as the password. We’ve lost count of the occasions where the password is the same as the user account name: the user signs on with account Jbloggs and a password of Jbloggs. Not only is this probably the first combination an unauthorised person tries, it leaves your systems wide open if other controls are not in place.

Use passwords that include numerals and upper- and lowercase letters. Anything that makes your password more difficult for others to guess is a good thing, but again not so complex that it becomes forgettable. Some systems and applications may not accept punctuation, but the use of other characters should suffice.

Use mnemonics (a short verse or sentence). Create a sentence you can easily remember, such as “The colour of my house is Red.” Now take the first letter of each word in the sentence, turn any numbers into numerals, and retain the capitalisation. The result is an easy-to-remember yet secure password, for example: “Tc0mh1R” (note that this example also swaps the letters o and i for the look-alike numerals 0 and 1).
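As an added illustration (not part of the original post), the following Python applies the rules above as automated checks and derives a mnemonic password the way the sentence example does. The word list is a small constructed sample, and the 0/1 substitutions mirror the page’s own example.

```python
import re

# Constructed sample of vendor defaults and everyday words; a real check would
# load a full dictionary and default-credential list.
COMMON_WORDS = {"password", "administrator", "admin", "welcome", "letmein"}
NUMBER_WORDS = {"zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
                "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9"}
# Look-alike substitutions matching the post's own sample ("of" -> 0, "is" -> 1)
LOOKALIKES = {"o": "0", "i": "1"}


def check_password(password, username):
    """Return the rules from the post that the password breaks (empty list = ok)."""
    failures = []
    if len(password) < 8:
        failures.append("shorter than eight characters")
    # Strip digits so that 'Password1' is still caught as a dictionary word
    if re.sub(r"\d", "", password.lower()) in COMMON_WORDS:
        failures.append("vendor default or dictionary word")
    if password.lower() == username.lower():
        failures.append("same as the account name")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)
            and re.search(r"\d", password)):
        failures.append("needs lowercase, uppercase and a numeral")
    return failures


def mnemonic(sentence, substitutions=LOOKALIKES):
    """Build a password from a sentence: first letter of each word, keeping its
    case; number words become numerals; lowercase look-alikes are swapped."""
    chars = []
    for word in sentence.split():
        core = word.strip(".,;:!?\"'")
        if not core:
            continue
        if core.lower() in NUMBER_WORDS:
            chars.append(NUMBER_WORDS[core.lower()])
        elif core.isdigit():
            chars.append(core)
        else:
            first = core[0]
            chars.append(substitutions.get(first, first) if first.islower() else first)
    return "".join(chars)


if __name__ == "__main__":
    pw = mnemonic("My two cats are called Tom and Jerry.")
    print(pw, check_password(pw, "jbloggs"))
    print(check_password("Jbloggs", "Jbloggs"))
```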

Avoid writing down the password.
This reinforces the earlier point about not making passwords so complex that they become forgettable: when we do not trust our memory we are tempted to write the password down and leave it somewhere easily found (under the keyboard, in an unlocked drawer, in a notepad or on a visible whiteboard). If you don’t trust your memory, write down a hint instead, such as “favourite holiday resort.”

Use encryption. If a password must be written down, it should be stored in an encrypted file that isn’t named something obvious like “passwords” or “security codes”. We often see a secure (encrypted) flash drive used to store multiple passwords, but remember that the same password rules apply to the flash drive itself, or you defeat the object.

Never share a password. Your password is like a toothbrush: you would never share that, so never share a password with a friend or colleague. Instead, create unique accounts per employee, or advise colleagues how to get their own access created. Within larger organisations there are often change management processes to follow for elevated or privileged access.

Remember that the activities your account performs are often audited and traceable back to you as the owner of the account, so never share a password.

Use different passwords for multiple accounts. A single password may be easy to remember, but if that password is ever lost or stolen, it exposes multiple systems to a thief or a snoop. Our recommendation is to keep your initial network logon password different from any production application’s password. It is all too easy to get from a network logon to sensitive financial application data if the passwords for the different systems are the same.

Change passwords frequently. Changing a password every few weeks ensures that even if your password is stolen by a careful thief or snoop who manages to access your account without leaving a trace, it won’t remain usable for very long. Ideally, where the system allows it, we recommend implementing an automated password-expiry process to ensure passwords are changed at a minimum every 30 days.
