
Password Security

Why is password security important?

There are people out there who will attempt to find out, or crack, your password. Once they get your password, they can do awful things to any information stored in your account. Even worse, they may be able to do awful things to the accounts of other people on the system, or even break into systems across the world from ours. So the argument, "I don't need a good password, I don't have anything in my account, anyway" doesn't work. We all have a role with respect to security.

I have a good password. Why do I need to change it?

One reason we use strong passwords is that they take a thief much longer to crack. Given enough time, automated methods can crack any password. However, it can still take months to crack a strong password. So, by changing your password as often as possible, you do not give the thief the time needed to do the dirty work.

Is there an easy way to create good passwords?

The following tips should help you create a strong password that is easily remembered.

1. Use more than one word, a number, a symbol, and a capital letter

These can be easy to remember yet create strong passwords. "Br0ken$dish" is a simple password, yet very strong.

2. Use symbols in place of letters

Many people tend to put the required symbols and numbers at the end of a word they know, for instance, "John1234". Unfortunately, this is relatively easy to break. The word "John" is in a lot of dictionaries that include common names; once the name is discovered, the attacker has only four more relatively easy characters to guess. Instead, replace one or more of the letters within the word with symbols that you'll easily recall. Many people have their own creative interpretations of what letter some symbols and numbers resemble.

For example, try substituting "@" for "A", "!" for "l", a zero (0) for an "O", a "$" for an "S", and a "3" for an "E". Look at the symbols on your keyboard and think of the first character that comes to mind—it might not be what someone else would think of, but you will remember it. Use some of those symbols as substitutions for your passwords from now on.

3. Choose events or things that are on your mind

Use this as an opportunity to remind yourself about something pleasant that is going on in your life. Make it unique to you. Be sure to make it a phrase of two or more words, and continue to slip in your symbols. For example: "J0hn$Gr@du@tion".

4. Use phonetics in the words

In general, password dictionaries used by attackers search for words embedded inside your password. As mentioned before, don't hesitate to use the words, but make sure you liberally sprinkle those words with embedded symbols. For instance, "Fix the router" could become "F!ks d@ r0wtur".

5. Don't be afraid to make the password long

If you remember it better as a full phrase, go ahead and type it in. Longer passwords are much harder to break. And even though it is long, if it is easy for you to remember, you will probably have a lot less trouble getting into your system, even if you aren't the best typist in the world.

For example: “I watch the news on channel 3.”

6. Use first letters of a phrase

To create an easy-to-remember and strong password, begin with a properly capitalized and punctuated sentence that is easy for you to remember. For example: "My daughter Kay goes to the International School." Next, take the first letter of each word in your sentence, preserving the capitalization used in the sentence. In the example above "MdKgttIS" would be the result. Finally substitute some non-alphanumeric characters for some of the letters in the password. You might use an "@" to replace an "a" or use an "!" to replace an "L". After one such substitution the example password above would be "MdKgtt!S"—a very difficult password to break, yet a password that is easy for you to remember, as long as you can recall the sentence on which the password is based.

Do's:

  • Use strong passwords everywhere, not just at work.
  • Combine letters, symbols, and numbers that are easy for you to remember and hard for someone else to guess.
  • Create pronounceable passwords (even if they are not words) that are easier to remember, reducing the temptation to write down your password.
  • Try using the initial letters of a phrase you love, especially if a number or special character is included.
  • Take two familiar things, and then wrap them around a number or special character. Alternatively, change the spelling to include a special character. In this manner, you get one unfamiliar thing (which makes a good password because it is easy for you and you alone to remember, but hard for anyone else to discover).

Here are a few examples:

"Phone + 4 + you" = "Phone4you" or "Fone4y0u"

"cat + * + Mouse" = "cat*Mouse" or "cat*Mou$e"

"attack + 3 + book" = "attack3booK" or "@tack3booK"

Don'ts:

  • Don't use personal information such as derivatives of your user ID, names of family members, maiden names, cars, license tags, telephone numbers, pets, birthdays, social security numbers, addresses, or hobbies.
  • Don't use any word in any language spelled forward or backward.
  • Don't tie passwords to the month; for example, don't use "Mayday" in May.
  • Don't create new passwords that are substantially similar to ones you've previously used.
  • Don’t use the same password everywhere (home, banking, and broker).
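
The Don'ts above, together with the "John1234" pattern from tip 2, can be checked automatically when a password is chosen. The following Python check is an added example, not part of the original page; the word list, the 0.8 similarity threshold, and the name check_password are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample data: a real deployment would load a large word list.
WORDS = {"john", "password", "router", "mayday", "dish"}
MONTHS = ["january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"]
SIMILARITY_LIMIT = 0.8  # assumed threshold, not a value from the page


def check_password(password, user_id, old_password, month):
    """Return the list of "Don'ts" that the candidate password violates.

    month is 1-12; old_password is the previous password as typed on the
    change form.
    """
    problems = []
    lower = password.lower()

    # Personal information: the user ID, forward or reversed, inside it.
    uid = user_id.lower()
    if uid and (uid in lower or uid[::-1] in lower):
        problems.append("contains user ID")

    # A dictionary word forward or backward, alone or with characters
    # merely appended (the "John1234" pattern).
    stem = re.sub(r"[^a-z]+$", "", lower)
    if stem in WORDS or stem[::-1] in WORDS:
        problems.append("dictionary word with optional suffix")

    # Tied to the current month ("Mayday" in May).
    if MONTHS[month - 1] in lower:
        problems.append("contains current month")

    # Substantially similar to the previous password.
    ratio = SequenceMatcher(None, lower, old_password.lower()).ratio()
    if ratio >= SIMILARITY_LIMIT:
        problems.append("too similar to previous password")

    return problems
```

An empty list means none of these checks fired; it does not by itself mean the password is strong.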

Acceptable symbols

` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /

As always, feel free to contact your local IT Help Desk.