Thursday, January 3, 2013

The Art of Creating Secure Passwords That You Can Remember

“Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months” – Clifford Stoll

Back in 2004, at the RSA Security Conference, Bill Gates proclaimed the password is dead. His statement may have been premature but his assessment is accurate. He told his audience that the password can't meet the challenge of keeping sensitive information protected, saying "People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."

The art of creating secure passwords can be quite easy. As any sysadmin will tell you, the challenge comes in getting people to use secure passwords. Even the most protected networks can be thwarted by someone using simplistic credentials. Put into proper perspective, the only barrier between you and your data is your password. Isn't it worth the time to make sure it's secure?

Here are a few simple steps to make sure you're protected.
  1. Don't Use Personal Information - Any novice can easily figure out your full name, names of your spouse or children, your pet cat "Mr. Whiskers", or your favorite sports teams. Never use a password that has anything associated with you.
  2. No Dictionary Words - In addition to not using personal information, it's important not to use any words found in the dictionary. Passwords like that can be easily cracked by password-cracking software.
  3. Mixed Characters - Passwords are usually case-sensitive, so mix both upper and lower case letters to make it more difficult. Just capitalizing the first letter is not sufficient. For example, use "paSswoRd" to make it more complex. Better yet, throw in some numbers and special characters to substitute for letters, and do "p@Ssw0Rd".
  4. Don't Use the Same Password for Everything - It's common for most people to use the same password for all accounts. It does make it easier to remember. But what if your password was compromised? Then ALL of your accounts would be vulnerable.
  5. Use a Passphrase - Take your favorite line from a movie, song, or something memorable to you and convert it to a passphrase. "PinkFluffyBunny" is a pretty cool passphrase but consider this better example: ##1PinkFluffyBUNNY##
    The above example has the following:
    • It meets common password strength criteria by including upper and lowercase letters, a number and a symbol
    • It combines multiple words, numbers and symbols to create a unique phrase
    • It is memorable for the user
  6. Use a Password Management Tool - Use a password management tool to store complex passwords. This enables you to use stronger passwords for various web sites, accounts, and applications without having to remember them all. Windows has included a Credential Manager utility since Windows XP that lets users save passwords and provides a single sign-on solution. Logging in to Windows unlocks the vault and automatically applies the credentials from the vault as needed to access sites and applications.
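
The checklist in steps 1 to 4 can be turned into an automated check. The following is an added example, not code from the original post; the word list, the personal terms, the account names and the function names are constructed assumptions, and step 2 is interpreted here as "the whole password is a single dictionary word".

```python
import re
from collections import defaultdict

# Constructed sample data for the demo (assumptions, not from the article).
SAMPLE_WORDS = {"password", "bunny", "dragon"}
SAMPLE_PERSONAL = ["Whiskers", "Smith"]

CLASSES = {"upper": r"[A-Z]", "lower": r"[a-z]",
           "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}

def check_password(candidate, personal_terms, wordlist):
    """Return the checklist items (steps 1-3) that the candidate fails."""
    failures = []
    lowered = candidate.lower()
    # Step 1: personal information must not appear anywhere in the password.
    if any(term.lower() in lowered for term in personal_terms):
        failures.append("personal-info")
    # Step 2: reject a single dictionary word, compared case-insensitively.
    if lowered in wordlist:
        failures.append("dictionary-word")
    # Step 3: require all four character classes. A capital in the first
    # position only does not count as mixed case.
    for name, pattern in CLASSES.items():
        text = candidate
        if name == "upper" and candidate[:1].isupper():
            text = candidate[1:]
        if not re.search(pattern, text):
            failures.append("missing-" + name)
    return failures

def find_reused(accounts):
    """Step 4: return groups of account names that share one password."""
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    return sorted(sorted(names) for names in by_password.values() if len(names) > 1)

if __name__ == "__main__":
    for pw in ("Password", "PinkFluffyBunny", "##1PinkFluffyBUNNY##"):
        print(pw, "->", check_password(pw, SAMPLE_PERSONAL, SAMPLE_WORDS) or "passes")
    print(find_reused({"mail": "x1", "bank": "x1", "forum": "y2"}))
```
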
The Time is Now
The sheer volume of attacks proliferating across the Internet and filling business headlines should be a wake-up call to anyone using a weak password. Now is the time to practice vigilance, both professionally and personally, to secure your accounts.

Have a computer topic you would like to see covered? Leave a comment below or send me an email.
