Mar 31, 2010

Password Best Practices

Password – Usage and Awareness

  • One of the main Security Breaches is because of using non – complex passwords.
  • Extreme care should be taken in choosing your password. If your password is not hard to guess, then someone may be able to access or steal your data. To protect your data and yourself to some extent, you must select good passwords and secure them carefully.
  • Users are solely responsible for protection of the systems they use. As a security measure, computer and network passwords should be changed regularly.
  • Using different passwords for different systems is a best practice so that the same password won’t automatically allow access to other systems.
  • Hackers have some utilities that can crack any password which are found in a dictionary.
  • The use of good passwords acts as a prevention against password guessing and also cracking attacks, and can make “brute force” attacks to become difficult to crack

Recommended when Choosing and Protecting Passwords

Make sure that your password is at least 8 characters.

  • Use password with mixed-combination (Alphanumeric). Do not just capitalize the first letter, or end with a number. The more complex a password, the longer it will take to crack.
  • Use a password that can be typed quickly, without seeing the keyboard. This will avoid other to look at the password when we type .This is known as “shoulder surfing.”
  • Change passwords regularly. It is advised to change the password at least once in a month
  • Try one of the following methods for password
    selection:
    Option 1: Select two words divided by a number or punctuation, like “Pl@nt&ati@n” or “l|0n&king”
    Option 2: This is the correct option for creating a difficult password without having to remember it. By choosing a portion of the keyboard to select the password. Select on a pattern for the password.
    For example, take the upper-left portion (which includes numeric)of the keyboard and select two lines using 1qa2ws

Not Recommended when Choosing and Protecting Passwords

  • STOP using the word “password” as your password, in any form (reversed, capitalized, or doubled). This might sound very simple but in live, users are doing this as a practice
  • Using names of people or places as a password which is easy to hack.
  • Using keys in the order like “ASDFGH”, or “1234” etc
  • Using passwords as words with vowels deleted,
    (Example: airplane -> rpln, or Super -> spr.
  • Using information easily obtained about you. This may include your first, middle or last name. These passwords are very easily guessed by someone who knows you.
  • Writing passwords in the places which can be viewed by others or in your work cabin. This is one of the most frequent ways where an unauthorized person gains access.
  • Using the passwords that you have already used
  • Sharing the passwords except during emergency circumstances. Make sure that password has been changed immediately after sharing.

Password Examples

Bad Passwords Description

passwordTwo dictionary words together
12345678Repeating sequence.
abcdefgRepeating sequence.
helloLess than 8 characters, and based on a
dictionary word with common letter/number
substitutions.
test1234Very common test or default password.
adminVery common default password.
gandalf1Based on the name of a popular character.
johnBased on the user’s name, too short, no
upper case or punctuation.
ydnicStill a proper name (even though it’s
backwards), too short, no upper case,
numbers, or punctuation.
Pepsi2Product name with numbers at the end.

Good Passwords

T*x4^B9n8 characters, uses numbers, punctuation, and upper and lower case letters.
g@F”Pl4CeTwo words, separated by punctuation, using upper and lower case letters, and numeric substitution.
X0sf0V@ca8Two nonsense words, upper and lowercase
letters, and punctuation.
5tg^YH%TGSimple pattern that doesn’t require
memorization. Not based on a dictionary
work, uses upper and lower case letters, and punctuation.
*RUF8rufAnother pattern with appropriate characters.

0 comments:

Text Widget

Copyright © Vinay's Blog | Powered by Blogger

Design by | Blogger Theme by