A Guide To Better Password Practices

Make them long. Longer passwords are obviously harder to crack. Make sure you're consistently exceeding the minimum length requirement on the passwords that you pick.

Incorporate special characters. Use non-alphabetic characters (!@?_) and numbers, when possible.

The pseudo-random password is one of the easiest-to-remember and hardest-to-crack password methods. The actual password is generated from an easy-to-remember phrase or sentence that is important to the user. This phrase can be the words from a book that you like, a song that you easily remember, or a statement that you will never forget. The key to a successful password is to create a phrase that is easy for you to remember, but that no one else will ever think of attributing to you. See the examples below:
I drive a 1972 Volkswagen! = IDA72VW!
Living At Home Since 1972 Saving Money = L@HS72S$
Four score and seven years ago our fathers brought forth = Fs&7yaofbF
Twinkle, twinkle, little star how I wonder what you are = TtlsH1WwuA
Don't use the same password for everything. If someone successfully cracks one password, it'll be the first password he guesses for the rest of your applications. Make sure you're using several different passwords to prevent this from happening.
Private - online banking
Personal - email accounts
Public - social networking
Business - corporate email, web, and VPN access
Change passwords when you set your clocks forward/back and change out your smoke detector batteries. Change passwords immediately upon suspecting/finding out that a password has been compromised. (Change ALL passwords)
- Don't use Personally Identifiable Information (PII) in your password, such as:
Full name, pet's name, birthday, favorite hobby, user name, child's name, alma mater, hometown team, CAP ID Number, student ID, mailing/home address, license plate number, telephone number, birthplace, email address(es), age, favorite place.
- Don't use any of the top hacked passwords, such as:
password, baseball, sunshine, ninja, 123456, football, 696969, jennifer, 12345678, welcome, abc123, 111111, 1234, letmein, mustang, jesus, qwerty, trustno1, iloveyou, superman, 12345, monkey, shadow, harley, dragon, secret, master, 1234567.
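To make the rules above checkable, here is an added example (not part of the original guide) that reports which of the guide's rules a candidate password breaks and flags a password reused across the guide's four categories. The minimum length of 8 and the caller-supplied pii_terms list are assumptions, since the guide states neither.

```python
import re

# The guide's own "top hacked passwords" list, lower-cased for comparison.
TOP_HACKED = {
    "password", "baseball", "sunshine", "ninja", "123456", "football", "696969",
    "jennifer", "12345678", "welcome", "abc123", "111111", "1234", "letmein",
    "mustang", "jesus", "qwerty", "trustno1", "iloveyou", "superman", "12345",
    "monkey", "shadow", "harley", "dragon", "secret", "master", "1234567",
}


def check_password(password, pii_terms=(), min_length=8):
    """Return the guide's rules that the password breaks (empty list = passes).

    min_length=8 is an assumed policy value; the guide gives no number.
    pii_terms is an assumed caller-supplied list of personal details (names,
    birth year, pet's name, ...) that must not appear in the password.
    """
    findings = []
    lowered = password.lower()
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    if not re.search(r"[^A-Za-z0-9]", password):
        findings.append("no special character")
    if not re.search(r"[0-9]", password):
        findings.append("no digit")
    if lowered in TOP_HACKED:
        findings.append("is one of the top hacked passwords")
    for term in pii_terms:
        term = str(term).lower()
        # Ignore one- or two-character terms that would match almost anything.
        if len(term) >= 3 and term in lowered:
            findings.append(f"contains personal information: {term!r}")
    return findings


def find_reuse(passwords_by_category):
    """Map each password used in more than one category to those categories.

    passwords_by_category uses the guide's categories as keys, e.g.
    {"Private": ..., "Personal": ..., "Public": ..., "Business": ...}.
    """
    holders = {}
    for category, password in passwords_by_category.items():
        holders.setdefault(password, []).append(category)
    return {pw: cats for pw, cats in holders.items() if len(cats) > 1}
```

Run against the guide's own examples, "Fs&7yaofbF" and "IDA72VW!" pass every rule, while "password" trips three of them at once.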
Consider using a password manager (password vault) application to protect and help manage your many passwords, if you have many applications that utilize passwords. All password managers have one thing in common: They require you to remember one complex password. Below are links to several password managers:
Never write down your passwords. Creating a very strong password and writing it down on paper is as bad as creating an easy-to-remember weak password and not writing it down anywhere. If you must carry your password with you, use a password manager tool that runs from a USB stick, and keep that with you at all times.

Don't share with anyone. Anyone includes your friends and family. You may have heard the phrase "Passwords are like underwear, don't share with anybody." We teach our kids several things in life; teaching them about online safety and not sharing passwords with anybody should be one of them.

Don't type your password when someone is looking over your shoulder. This is especially important if you type slowly, search for the letters on the keyboard, and type with one finger, as it is very easy for someone looking over your shoulder to figure out the password.

Never send your password to anybody in an email. Hackers are known to send emails posing as a support person and ask for your user name and password. Legitimate organizations will never ask you for your username and password, either via email or over the telephone.

Don't use the "Remember password" option in a browser/application without setting a master password. If you don't set a master password, anybody who uses your browser/application can see all the stored passwords in plain text. Also be very careful with this option and say "Not Now" in the remember-password pop-up when you are using a system that doesn't belong to you.

Don't type your password on a computer that isn't yours. If possible, don't use someone else's computer that you don't trust to log in to any website, especially a very sensitive website such as banking. A common tactic for hackers is to use key loggers that record all the key strokes on a system, capturing everything you type, including passwords.