« The Password Management Gameplan Webinar | Main | Password Server: In The Trenches - Users and Roles »

January 10, 2013

What Makes A Good Password?

2013-Jan-Keeping-Track-of-Your-PasswordsIf you are following the advice of many online security experts, then you have developed complex, strong passwords for each of your online accounts. By creating and installing a password on every account, you eliminate the risks involved in password reuse, where online individuals use a single (complex or not) password for every online account they have.

The national average for every online individual is a range of 20 to 25 separate online accounts involving their email account, Twitter, Facebook, and their banking institution. Additionally, they may have passwords for a workstation, cloud storage, customer information portal, and remote management system. However, to have a separate complex password for every account would require a mastermind to remember each one.

So how do individuals keep track of all of their passwords and make sure they remain safe and out of sight from inquisitive eyes. The process begins at the login. Typically, login credentials require to specific pieces of information, commonly the username and the password. Only by providing the correct combination can an individual have access into their account. Now that it is become the “best practice” for organizations and businesses to use the same username (usually an email address) across their online platform, the work of hackers has been made significantly easier.

Building a Strong Defense

Because most individuals use their email address as an online ID, they need to build a stronger stalwart line of defense against hackers, online attackers and cyber-criminals. Basically they need to:

  • Build Stronger Passwords
  • Change Passwords Often
  • Securely Store Usernames and Passwords

With many the most common passwords being the actual word “password”, and the number sequence of “12345”, it is not surprising that many millions of individual’s online accounts are hacked every year. Studies indicate surprising information about how easily penetrable most individuals accounts are. This information includes:

  • Approximately 30% of online users create passwords that are only six characters or less
  • Approximately 60% of online users typically choose a limited set of alphanumeric characters to create their password
  • Almost 50% of online users choose dictionary words, slang words, names and common phrases when developing their password

Hackers understand that many passwords are easy to guess. Users create simple passwords to access their accounts quickly without needing to remember complex login information. Through phishing scams and social engineering, hackers have enjoyed considerable success in harvesting valuable information that can be used to access banking websites to take any funds they desire.

Developing Password Policies

Online individuals and companies can easily develop their own password guidelines and create good password management skills to ensure a solid wall of security has been built around every account on the Internet.

The password guidelines should include:

  • Never using an identical password for more than a single site, or by more than a single person.
  • Never divulging your password to another human being.
  • Never allowing websites to save the password for you.
  • Anytime you enter a password on a website it should be displayed as a row of asterisks, and never the real character.
  • Make a point of changing your password at least every 90 days, or more often for all of your high-sensitivity & high-risk accounts.
  • Anytime there is a change in the office where an individual has left, everyone should voluntarily change their password.
  • Never recycle a password – always create a new one.
  • Anytime you believe your password has been compromised, change it immediately.
  • Whenever you are in doubt about the effectiveness or security of your password, change it immediately!

Building a Strong Password

A strong password will have at least eight characters, preferably sixteen. A nearly impenetrable password will have 30 characters or more. To create a strong password it is essential that it be built with a variety of characters including lowercase letters, uppercase letters, alphanumeric numbers, and all the varieties of special characters.

A good password will avoid:

  • Character strings (12345, abcde)
  • Simple patterns of the keyboard (QWERTY)
  • Historical or common places, names, slang words, dictionary words, slogans or common phrases
  • Any number or word that has personal significance including your child’s name, your phone number, your wedding date for other pertinent information

The Human Condition

Developing bad habits is just something the human condition is good at doing. Often, time-consuming laborious practices will take a backseat to an online user’s convenience. The best solution is to make high security methods as convenient as possible for the end user. Implementing lean two factor authentication or better yet, single sign-on can only work out better for all parties involved.

 


Posted at 08:00 AM in In the Trenches |

| |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e55005c8f98834017d3f44c39a970c

Listed below are links to weblogs that reference What Makes A Good Password?:

Comments

The comments to this entry are closed.

Search

Visit Our Company Website
Subscribe to this blog's feed

Categories

Archives

More...

Become a Fan