
Passwords


 

Security - Importance of Good Passwords

We all know that passwords are important in securing our workstations, servers, etc. from crackers (persons who maliciously circumvent security to access our systems for nefarious reasons).

Passwords are our first line of defense against crackers, viruses, etc. The user/password system provides us with the means to identify and authenticate persons who access our systems, be it workstations or data on servers.

The user/password system is usually supplemented with other means of identification/authentication, including such things as keys, tokens, badges, etc. New technology also provides for the use of fingerprints, voiceprints, etc. (biometrics). Even so, the user/password system is still the most widely used first-line method.

Passwords are like a toothbrush. Use it every day; change it regularly; and DO NOT share it with friends! Some rules to using passwords:

1. Do not let anyone use your password.
2. Do not provide your password to anyone at any time for any reason.
3. Do not write your password down - particularly on your terminal, computer, or anywhere around your desk. If you do write it down, do not identify it as a password and do not write any information that associates it with a computer and/or server.
4. Do not type your password while anyone is watching.
5. Do not record your password online or send it anywhere via electronic mail.
6. If you do share your password - deliberately or inadvertently - change it immediately.
7. Change your password on a regular basis (even if it has not been compromised) and always use a complex password (a combination of random letters, numbers, and special characters).

Passwords are your first line of defense against intruders. Here are some hints for picking a good password.

1. Pick one that is hard to guess. Pick passwords that are not words (English or otherwise) or names (especially your own, or those of fictional characters or family members).
2. Pick a mix of alpha/numeric characters. Never use all-numeric passwords (especially your phone number or social security number).
3. Pick long passwords. If a password is only a few characters long, an attacker will find it easy to try all combinations. Make it at least 6 to 8 characters. If your system supports it, use pass phrases or passwords of up to 40 characters.
4. Pick different passwords for the different systems you access.
5. Be careful about including special characters, as some have special meanings to the system you are accessing.

The best passwords contain mixed uppercase and lowercase letters, as well as at least one number and/or special character. The password does not need to be gibberish. In fact, if it is, you will be tempted to write it down, defeating the purpose of your careful selection. Suggestions are:

1. Combine several short words with numbers or special characters; for example: I;did3it
2. Use an acronym you have built from a phrase you will remember; for example:

"Oh no, I forgot to do it" = On5iftdi or Onif;tdi

3. Pick a nonsense word that is still pronounceable; for example 8Bektag or shmoaz12.
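
The hints above can be checked mechanically. The following Python sketch is an added example, not part of the original page: it tests a candidate against the hints (length, all-numeric, mixed case, digit or special character, dictionary words and names) and estimates the brute-force search space. The word list, the 6-character floor (the low end of the range given above) and all function names are assumptions made for illustration.

```python
import math
import string

# Constructed stand-in for a real dictionary/name list (assumption, not from the page).
COMMON_WORDS = {"password", "welcome", "dragon", "letmein", "monkey"}

MIN_LENGTH = 6  # assumption: low end of the "6 to 8 characters" guidance


def search_space_bits(password):
    """Brute-force search space in bits: length * log2(alphabet size).

    This is an upper bound that assumes every character was chosen at random.
    """
    alphabet = 0
    if any(c in string.ascii_lowercase for c in password):
        alphabet += 26
    if any(c in string.ascii_uppercase for c in password):
        alphabet += 26
    if any(c in string.digits for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(password, personal_terms=()):
    """Return the hints the candidate violates; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.isdigit():
        problems.append("all numeric")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("no mixed case")
    if not any(c in string.digits + string.punctuation for c in password):
        problems.append("no digit or special character")
    # Strip leading/trailing digits and punctuation so "monkey12" is still caught.
    core = lowered.strip(string.digits + string.punctuation)
    if core in COMMON_WORDS or any(t and t.lower() in lowered for t in personal_terms):
        problems.append("dictionary word or personal name")
    return problems
```

Run against the examples above, `I;did3it`, `On5iftdi` and `8Bektag` pass every check, while `shmoaz12` is flagged only for lacking mixed case. A 7-digit number scores about 23 bits of search space against about 52 bits for `I;did3it`, which is the "try all combinations" point in numbers.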
