Practically Networked Home Earthweb HardwareCentral earthwebdeveloper CrossNodes Datamation
Welcome to PractiallyNetworked
Product Reviews

 • Routers
 • Hubs/Switches
 • Wireless Gateway
 • Wireless AP
 • Wireless NIC
 • Network Storage
 • Print Servers
 • Bluetooth Adapters
& Tutorials

 • Networking
 • Internet Sharing
 • Security
 • Backgrounders
 • Troubleshooting

 • PracNet How To's
User Opinions
Practicallynetworked Glossary

 Find a Network Term  

  Most Popular Tutorials

• Microsoft Vista Home Networking Setup and Options
The most daunting part of upgrading to Windows Vista may be trying to figure out where in the layers of menus the networking and file-sharing options are hidden.

• Do It Yourself: Roll Your Own Network Cables
It may not be something you do everyday, but having the supplies and know-how to whip up a network cable on the spot can be very handy.

• Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router and by extension, your network is as secure as possible.

  Most Popular Reviews

• Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.

• Iomega StorCenter Network Hard Drive
Iomega's fourth generation StorCenter Network Hard Drive brings many of the features found in higher-end storage devices down to an attractive price.

• MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.

Don't Fall Prey to Lazy Password Practices

Building strong passwords helps you protect both business and personal data from unauthorized access. But passwords are meaningless if they are too simple or written down where other can access them.

Ronald V. Pacchiano

Earlier this week I was at a client site setting up a PC for a new user. Everything was going fine until the system needed to be authenticated to the network. In order to accomplish this, you need to be using an account with administrative privileges. The one I was using didn't. This meant that I would need to have the office manager handle this part of the installation for me. Unfortunately, though, when I went to get her I discovered that she was in the middle of a meeting and could not be disturbed. This meant that for the moment, there was nothing left for me to do, other than perhaps get some lunch.

Just as I was getting ready to write her a note regarding my whereabouts, I noticed something attached to the base of her monitor. Can you guess what it was? That's right: a yellow Post-it note with her password written on it. Right out in the open for anyone to see. Since her password was available, I used it to finish setting up the new PC.

What's That Term?
Not sure what a particular term means? Check out the searchable PracticallyNetworked Glossary.

Despite the fact that her carelessness proved helpful for my situation, the fact remains that the password to her administrative user account was left out in the open, completely unsecured and accessible to anyone who stepped into the room — whether that be a cleaning person, a visiting guest or an employee with a grudge. No matter how you look at it, this is a very serious breach of security and has potentially disastrous ramifications.

However, this scenario is not a unique one. I have seen this type of behavior displayed by employees in companies both big and small, and at various management levels. The biggest offenders are typically older office associates or absent-minded CEOs who can't be bothered with such petty things.

No matter how often I run across this, it never fails to amaze me at how careless people can be with something as important as password security. Proper password management is crucial to maintaining the security of your network. The way it works is simple, your network account provides you (and theoretically ONLY you) with the means to access confidential and potentially damaging network resources, while simultaneously denying the same access to anyone who isn't authorized to be viewing or using them. The only thing that maintains this secured environment is the diligent protection of your user account. And the only thing protecting that is your password. This is why you need to protect your passwords, make them strong and change them frequently.

In case you need a little motivation, here's something you might not be aware of. Did you know that you are accountable for ALL activity conducted on the network with your user account? Sharing your password potentially makes you accountable for the activities of others, and in most cases, is a major violation of a company's security policy. In some cases it can even be grounds for dismissal. Also, depending on where you work and the type of resources you have access to, a breach in network security due to your negligence could expose you to potential criminal charges as well.

It's in your best interest to change your password to one that complies with the established guidelines for strong and secure password creation and then adopt responsible practices for keeping it from falling into unauthorized hands.

To that end, your password should never have any of these characteristics:

  • personal data such as a child's name, birthdays or a favorite possession
  • use anything easily guessed, repetitive or running in sequential patterns ("111111", "123456", "abc123")
  • comprised of more than three consecutive letters from your network account
  • be less than six characters long

And, most importantly, don't ever write down your password in an unsecured manner or share your current password (or even a previous password) with anyone. Not with your boss, not with a co-worker, not with your administrative assistant. Even your IT team would never need to ask you for your password. If needed, they could reset it.

What Makes a Password Strong

Now that we know what not to do, we have to ask the question "what constitutes a strong password?" In order to ensure maximum protection, your passwords should be at least eight characters long. Microsoft recommends at least six characters, but eight characters will be significantly harder to crack. For optimal security, they should also contain a mix of alpha-numerical characters, in both upper and lower case, as well as special characters like !#%$&.

Ideally, it shouldn't even be a real word; just random characters. The more random the sequence of characters, the more secure the password will be. An example of a secure password would be something like"Hgs3@4j55nKX!s!". This password is 15 characters long and contains a combination of numbers, symbols, upper and lowercase letters. Also, since it's long and totally random, it will be far tougher for someone to hack.

Regrettably, though, most users don't conform to these guidelines. The primary reason for this is simple. A proper password is generally so complex that most people can't remember it without writing it down. However, a strong password doesn't have to be hard to remember though — just hard for someone else to guess. To help get you started here are some tips for constructing a strong, yet easily remembered password.

Numbers for letters: Some numbers bear a strong resemblance to letters and vice versa. For example, the number"1" looks a lot like the letter "l" or "I". Substituting a look-alike number for a letter ensures your password won't be looked up in an online dictionary. The numeral "5" looks like "S," "2" can look like "Z" and "3" can resembles an "E"


Substitute special characters for letters or numbers: Concurrently, you can try substituting a "$" sign for a capital S, an "!" for a lower case l or upper case I. You could even use the symbolic version of a word. For instance, use a "$" for the word "dollar," "&" for "and," and "@" for "at" or vice versa.

Splitting Words: A simple word or phrase with some sort of significance to you can be a good starting point. You can then "split" the word with a number or special character. For example, I watch a show called "The War at Home". A good password based on this would be "War@H0m3".

Favorite Movie or Quote: Take a favorite song, movie or quote. Remove the first letter of each word, up to eight words. Throw away the rest. Example: Star Wars: The Empire Strikes Back, Episode 5. This could be "SWt3$be5".

Foreign Language: For those of you fortunate enough to know two languages, try mixing two words from different languages. (Can't really help you here, but get creative)

As an added precaution, Microsoft recommends you change your passwords every 90 days. A server can be configured to prompt you when your network password is about to expire and will prompt you to change it when the time comes. In most cases, you'll have up to 14 days to make the change. Hint: Whenever possible, try to reset passwords on a Monday. This will give you the rest of the week to dedicate them to memory.

Please remember, building strong passwords helps you protect both business and personal data from unauthorized access and passwords are meaningless if you write them down and leave them somewhere easily accessible by others. I cannot over emphasize the importance of this enough. Proper password creation and management isn't as daunting a task as you might think. Whenever you need to create a password just remember these three simple rules.

Your passwords should be:

  1. Easy to remember
  2. Difficult for others to guess
  3. Most importantly, never shared

I hope you found this helpful!

Add to | DiggThis

Use our feedback form to submit your questions on home or SOHO networking issues. Please be as specific as possible. We cannot guarantee to answer every question we get, but we’ll consider them all. Earthweb HardwareCentral earthwebdeveloper CrossNodes Datamation

Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums