Don't Fall Prey to Lazy Password Practices
Building strong passwords helps you protect both business and personal data from unauthorized access. But passwords are meaningless if they are too simple or written down where other can access them.
Ronald V. Pacchiano
Earlier this week I was at a client site setting up a PC for a new user. Everything was going fine until the system needed to be authenticated to the network. In order to accomplish this, you need to be using an account with administrative privileges. The one I was using didn't. This meant that I would need to have the office manager handle this part of the installation for me. Unfortunately, though, when I went to get her I discovered that she was in the middle of a meeting and could not be disturbed. This meant that for the moment, there was nothing left for me to do, other than perhaps get some lunch.
Just as I was getting ready to write her a note regarding my whereabouts, I noticed something attached to the base of her monitor. Can you guess what it was? That's right: a yellow Post-it note with her password written on it. Right out in the open for anyone to see. Since her password was available, I used it to finish setting up the new PC.
Despite the fact that her carelessness proved helpful for my situation, the fact remains that the password to her administrative user account was left out in the open, completely unsecured and accessible to anyone who stepped into the room whether that be a cleaning person, a visiting guest or an employee with a grudge. No matter how you look at it, this is a very serious breach of security and has potentially disastrous ramifications.
However, this scenario is not a unique one. I have seen this type of behavior displayed by employees in companies both big and small, and at various management levels. The biggest offenders are typically older office associates or absent-minded CEOs who can't be bothered with such petty things.
No matter how often I run across this, it never fails to amaze me at how careless people can be with something as important as password security. Proper password management is crucial to maintaining the security of your network. The way it works is simple, your network account provides you (and theoretically ONLY you) with the means to access confidential and potentially damaging network resources, while simultaneously denying the same access to anyone who isn't authorized to be viewing or using them. The only thing that maintains this secured environment is the diligent protection of your user account. And the only thing protecting that is your password. This is why you need to protect your passwords, make them strong and change them frequently.
In case you need a little motivation, here's something you might not be aware of. Did you know that you are accountable for ALL activity conducted on the network with your user account? Sharing your password potentially makes you accountable for the activities of others, and in most cases, is a major violation of a company's security policy. In some cases it can even be grounds for dismissal. Also, depending on where you work and the type of resources you have access to, a breach in network security due to your negligence could expose you to potential criminal charges as well.
It's in your best interest to change your password to one that complies with the established guidelines for strong and secure password creation and then adopt responsible practices for keeping it from falling into unauthorized hands.
To that end, your password should never have any of these characteristics:
And, most importantly, don't ever write down your password in an unsecured manner or share your current password (or even a previous password) with anyone. Not with your boss, not with a co-worker, not with your administrative assistant. Even your IT team would never need to ask you for your password. If needed, they could reset it.
What Makes a Password Strong
Now that we know what not to do, we have to ask the question "what constitutes a strong password?" In order to ensure maximum protection, your passwords should be at least eight characters long. Microsoft recommends at least six characters, but eight characters will be significantly harder to crack. For optimal security, they should also contain a mix of alpha-numerical characters, in both upper and lower case, as well as special characters like !#%$&.
Ideally, it shouldn't even be a real word; just random characters. The more random the sequence of characters, the more secure the password will be. An example of a secure password would be something like"Hgs3@4j55nKX!s!". This password is 15 characters long and contains a combination of numbers, symbols, upper and lowercase letters. Also, since it's long and totally random, it will be far tougher for someone to hack.
Regrettably, though, most users don't conform to these guidelines. The primary reason for this is simple. A proper password is generally so complex that most people can't remember it without writing it down. However, a strong password doesn't have to be hard to remember though just hard for someone else to guess. To help get you started here are some tips for constructing a strong, yet easily remembered password.
Numbers for letters: Some numbers bear a strong resemblance to letters and vice versa. For example, the number"1" looks a lot like the letter "l" or "I". Substituting a look-alike number for a letter ensures your password won't be looked up in an online dictionary. The numeral "5" looks like "S," "2" can look like "Z" and "3" can resembles an "E"
Substitute special characters for letters or numbers: Concurrently, you can try substituting a "$" sign for a capital S, an "!" for a lower case l or upper case I. You could even use the symbolic version of a word. For instance, use a "$" for the word "dollar," "&" for "and," and "@" for "at" or vice versa.
Splitting Words: A simple word or phrase with some sort of significance to you can be a good starting point. You can then "split" the word with a number or special character. For example, I watch a show called "The War at Home". A good password based on this would be "War@H0m3".
Favorite Movie or Quote: Take a favorite song, movie or quote. Remove the first letter of each word, up to eight words. Throw away the rest. Example: Star Wars: The Empire Strikes Back, Episode 5. This could be "SWt3$be5".
Foreign Language: For those of you fortunate enough to know two languages, try mixing two words from different languages. (Can't really help you here, but get creative)
As an added precaution, Microsoft recommends you change your passwords every 90 days. A server can be configured to prompt you when your network password is about to expire and will prompt you to change it when the time comes. In most cases, you'll have up to 14 days to make the change. Hint: Whenever possible, try to reset passwords on a Monday. This will give you the rest of the week to dedicate them to memory.
Please remember, building strong passwords helps you protect both business and personal data from unauthorized access and passwords are meaningless if you write them down and leave them somewhere easily accessible by others. I cannot over emphasize the importance of this enough. Proper password creation and management isn't as daunting a task as you might think. Whenever you need to create a password just remember these three simple rules.
Your passwords should be:
I hope you found this helpful!
Use our feedback form to submit your questions on home or SOHO networking issues. Please be as specific as possible. We cannot guarantee to answer every question we get, but we’ll consider them all.
|Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums|