Getting your users to adhere to your security policies is one of the most difficult parts of an IT administrator's job. Passwords are an especially big issue: Users choose passwords that are easy to remember, they jot them on sticky notes attached to their monitors, and they seldom change them. To address this security risk, Large Software offers the following 5 tips for creating and maintaining safe passwords.
- Keep 'em Guessing: Never use personal information to create a username, login, or password (i.e., names of pets, relatives, nicknames, dates of birth, birth location). In this day and age where information is often finding its way onto the web and identity theft experts have become ever-savvy at ferreting out these details, it is crucial to choose usernames and passwords that are disassociated from your personal history. Does it make it harder to remember? Yes, but you'll be thankful when you're spared the potentially hundreds of hours and thousands of dollars it often costs to fix a stolen identity.
- Keep it Fresh--Diversify: Avoid using the same login and password across multiple sites, cards, and accounts. If a thief gains access to one, the rest fall like a house of cards, allowing them to quickly wreak havoc across your entire financial portfolio. Are you the type that says, "I never share my PIN"? It's amazing how often those "unshared" digits are misused by a jilted lover or a nosy housecleaner.
- Bigger is Better! Cliché but true. Studies have consistently shown that a large fraction of all user-chosen passwords are readily guessed automatically. Shorter passwords are more susceptible to commercially available password recovery tools; such software is capable of testing 200,000 passwords per second. Longer passwords are stronger. Use a minimum of 8 characters, mixing upper and lower case letters, numerals, and symbols. Do not use words found in the English dictionary.
- Think Like a Thief--Don't Make it Easy on Them: Put yourself into a thief's shoes--don't even think about using an overly simplified password such as "12345678," "222222," "abcdefg." Avoid sequential passwords or using passwords derived from the use of adjacent letters on your keyboard; this will not make your password secure. Also, avoid using only look-alike substitutions of numbers or symbols. Criminals and other malicious users who know enough to try and crack your password will not be fooled by common look-alike replacements, such as replacing an 'i' with a '1' or an 'a' with '@' as in "[email protected]@re" or "[email protected]". But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.
- Consider a Password Manager: There are many decent applications on the market that will digitally safeguard your various passwords. Avoid using the free ones "built-in" to browsers as these have been widely exposed for their security flaws. Consider software that memorizes and securely stores each username and password that you enter on a website.
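As an added example that is not part of the original article, here is a Python policy checker that enforces the rules from the "Bigger is Better" and "Think Like a Thief" tips above: minimum length and character classes, rejection of sequential, repeated and keyboard-adjacent runs, undoing common look-alike substitutions before a dictionary check, and the worst-case brute-force time at the 200,000 guesses per second quoted above. The wordlist, the substitution table and the keyboard rows are constructed assumptions for illustration.

```python
import re
# Constructed sample wordlist; a real deployment would load a full dictionary.
DICTIONARY = {"password", "software", "hardware", "welcome", "letmein"}
# Common look-alike substitutions (assumed table), which the page notes attackers reverse easily.
LEET = str.maketrans("@431!0$57", "aaeiiosst")
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
GUESSES_PER_SECOND = 200_000  # cracking rate quoted on the page

def alphabet_size(pw: str) -> int:
    """Size of the character set an attacker must search, given which classes pw uses."""
    size = 0
    for pattern, n in ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^A-Za-z0-9]", 33)):
        if re.search(pattern, pw):
            size += n
    return size

def seconds_to_exhaust(pw: str) -> float:
    """Worst-case time to try every password of pw's length over its alphabet at the quoted rate."""
    return alphabet_size(pw) ** len(pw) / GUESSES_PER_SECOND

def has_sequential_run(pw: str, length: int = 4) -> bool:
    """True if pw has `length` characters in a row that repeat or step by one ('abcd', '4321', '2222')."""
    s = pw.lower()
    for i in range(len(s) - length + 1):
        steps = {ord(b) - ord(a) for a, b in zip(s[i:i + length], s[i + 1:i + length])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False

def has_keyboard_run(pw: str, length: int = 4) -> bool:
    """True if pw contains `length` adjacent keys from one keyboard row, forwards or backwards ('qwer', 'lkjh')."""
    s = pw.lower()
    return any(row[i:i + length] in s or row[i:i + length][::-1] in s
               for row in KEYBOARD_ROWS for i in range(len(row) - length + 1))

def check_password(pw: str) -> list[str]:
    """Return the policy violations for pw; an empty list means it passes every rule on the page."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if alphabet_size(pw) < 95:  # missing at least one of lower, upper, numeral, symbol
        problems.append("needs upper and lower case letters, numerals and symbols")
    if has_sequential_run(pw):
        problems.append("contains a sequential or repeated run")
    if has_keyboard_run(pw):
        problems.append("contains adjacent keyboard keys")
    if pw.lower().translate(LEET) in DICTIONARY:
        problems.append("dictionary word hidden by look-alike substitutions")
    return problems
```

Running `seconds_to_exhaust` on a six-letter lowercase password gives under half an hour at the quoted rate, while an 8-character password drawing on all four classes takes over a thousand years, which is the arithmetic behind the length advice.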
For more in-depth information about password security, see the following Windows IT Pro articles: