Passwords are a solid line of defense with regard to home or business security. How many passwords do you use in a day? Can you remember them all? There is a method to the madness when it comes to password security, if you follow some rules. This is a part of an ongoing series spanning the month of October, in support of the NCSAM initiative.
Passwords can be both a blessing and a curse. (IMG: J.Anderson)
Passwords are great. Passwords are also an evil, mind-bending existence for some. The frustration that is felt when you try to access something online or on a network, and realize that the password you tried is not the correct one, is a joy that many know and love.
Many people have different passwords for different things. There is a password for email, a password to login to the network, a password for your favorite website, a password for the ATM, and a password for voicemail, just to name a few. The most common complaints come from passwords used on the wide selection of Web sites that people belong to, and the need to remember them.
For the business and home user there are some basic principles for passwords. Like toppings on a pizza, however, there are different opinions on the topic. Some of the basic rules are universally agreed upon, making things easier to start with.
Don’t: Create passwords using personal information or information someone could guess.
The reasoning behind this rule is simple. There is a lot of information about you online, and people love to talk about family, kids, and their job. So creating a password based on information someone knows about you, or information that could easily be located on Google, is a bad start. Likewise, picking a password that can be guessed, such as password123 or openup, is another bad idea.
Don’t: Create a password using words in a dictionary, no matter the language.
Passwords based on dictionary words will fail. This is because password cracking programs can hold entire dictionary volumes. Some will argue that using a scientific word or other obscure word will prevent dictionary-based attacks, but this is placing faith in the assumption that no one has already created a password list composed of nothing but science or technical terms.
Never use the default password or a common password.
The advice to change the default password for any hardware or software application is the one that all security people agree on.
Look at this page, which is a database of known default passwords used by hardware vendors. If your hardware, D-Link or Linksys, Belkin etc., is listed here, ask yourself if only good guys know of this database.
Do: Make sure your password is long, extra long.
Long passwords are strong passwords. Contrary to popular belief, long passwords are easy to remember. However, keeping within the other rules makes this tricky. Not impossible, but tricky.
Example:
steveragantthsecurity – poor example
SteveRaganTTHSecurity – slightly better
SteveRaganTTH$3curity_ - getting warmer
DyrvrTahamYYJ$#vitoyu – best example…notice the pattern?
The trick to the pattern is to make it so you can type it fast, and that no one can guess it. This means you cannot write down the password, nor can you share it with others. Also, not all patterns need to be as complex. Use something that works for you, and stick to it.
There are so many tricks for passwords; you can spend a long time researching them. Simply pick one that works for you and make it strong. If you want to test your password, a good testing tool comes from Microsoft. You can check what you currently use here.
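The rules above can be expressed as a small offline check. This is an added example, not code from the article or from any tool it mentions; the word lists, the substitution table, the 16-character threshold and the function names are assumptions made for illustration.

```python
import re

# Constructed sample lists (assumptions); a real check would load full word lists.
COMMON = {"password123", "openup", "admin", "letmein"}
DICTIONARY = {"security", "password", "open", "science"}
# Simple character substitutions that word-list checks commonly undo.
LEET = str.maketrans({"$": "s", "3": "e", "0": "o", "1": "l",
                      "@": "a", "4": "a", "5": "s", "7": "t"})
MIN_LENGTH = 16  # assumed threshold for "long"


def normalize(password):
    """Lowercase the password and reverse simple character substitutions."""
    return password.lower().translate(LEET)


def check_password(password, personal_terms):
    """Return the list of rules from the article that the password breaks."""
    findings = []
    plain = normalize(password)
    letters = re.sub(r"[^a-z]", "", plain)  # drop digits and symbols
    if password.lower() in COMMON or plain in COMMON:
        findings.append("common-or-default")
    if any(term.lower() in letters for term in personal_terms):
        findings.append("personal-info")
    if any(word in letters for word in DICTIONARY):
        findings.append("dictionary-word")
    if len(password) < MIN_LENGTH:
        findings.append("too-short")
    return findings


if __name__ == "__main__":
    # Personal terms a user would supply about themselves (constructed here
    # from the names visible in the article's own example passwords).
    personal = ["Steve", "Ragan"]
    for candidate in ["steveragantthsecurity", "SteveRaganTTHSecurity",
                      "SteveRaganTTH$3curity_", "DyrvrTahamYYJ$#vitoyu",
                      "password123", "openup"]:
        print(candidate, "->", check_password(candidate, personal) or "no findings")
```

Run against the four examples above, the first three still report the personal-information and dictionary-word findings because capitalization and symbol swaps are undone before matching; only the last one comes back clean.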
Password management software
Password management software can come in handy if you have a lot of accounts online and are having trouble remembering passwords to all of them. While not a replacement for solid password creation, or an excuse to use a poor password, they can help relieve some of the stress.
Of all of the password management tools we have seen in The Tech Herald labs, the one that impressed the most is a solution from PassPack.
PassPack works with your browser and their online account management system. Unlike other password management solutions that are often touted in the press, PassPack clearly tells you in its terms of use that you cannot use the service for bank passwords or other financial information. This is a huge security bonus, as you should never use storage services for this information.
Along with using your browser to access account information with PassPack, they offer a desktop application as well.
Give them a look if this is something you are looking for.