Discussions of password length may seem rather passé these days. Internal and external auditors have long suggested the use of lengthy passwords to help fortify the primary authentication system in today's operating systems.
The old recommendations of six-character passwords have been updated to reflect today's times — eight is currently the standard recommendation. In some cases, you may hear cause for an even longer password, as long as users won't be tempted to write it down.
Suggestions for stronger passwords
- Make your password exactly seven or 14 characters long.
- Do not use known words or usernames in your password.
- Include special characters (!@#$%*) and numbers in each seven-character half.
- To increase password strength, use a non-printable ASCII character within the first seven characters. For example, within the password "secret," embed an ALT character by holding down the ALT key while pressing the 1, 2 and 9 keys on the numeric keypad. NOTE: for laptop users, activate numlock and use the j, k, l, u, i and o keys that correspond to the numeric keypad.
- SPECIAL BONUS HINT: If you have an account called "test," and it's an administrator-level account, don't give it a password of "test." (Don't laugh, this happens more than you'd like to know.)
Think passphrase instead of password
When creating a new password, think about this secret as a passphrase, not as a password. Passphrases tend to be longer items that resemble a sentence — as a result, they are easy to remember and don’t need to be written down. A sample passphrase: I like to drive my little red truck. Since passphrases include capitalization, punctuation and spaces, they meet the minimum password complexity requirements and are less likely to be cracked.
Making changes like this requires educating users, which is not an easy feat for most organizations. The system is rarely at fault when a hacker cracks a password to get into the network. Rather, this is a social engineering issue, meaning we have to make a culture change in our own organizations. Although easier said than done, employees can be educated. What is one way for an organization to enforce the policy? Include it in employee performance reviews. Old dogs can learn new tricks.
Use these steps to develop a strong password:
- Think of a sentence that you can remember. This will be the basis of your strong password or pass phrase. Use a memorable sentence, such as "My son Aiden is three years old."
- Check if the computer or online system supports the pass phrase directly. If you can use a pass phrase (with spaces between words) on your computer or online system, do so.
- If the computer or online system does not support pass phrases, convert it to a password. Take the first letter of each word of the sentence that you've created to create a new, nonsensical word. Using the example above, you'd get: "msaityo".
- Add complexity by mixing uppercase and lowercase letters and numbers. It is valuable to use some letter swapping or misspellings as well. For instance, in the pass phrase above, consider misspelling Aiden's name, or substituting the word "three" for the number 3. There are many possible substitutions, and the longer the sentence, the more complex your password can be. Your pass phrase might become "My SoN Ayd3N is 3 yeeRs old." If the computer or online system will not support a pass phrase, use the same technique on the shorter password. This might yield a password like "MsAy3yo".
- Finally, substitute some special characters. You can use symbols that look like letters, combine words (remove spaces) and other ways to make the password more complex. Using these tricks, we create a pass phrase of "MySoN 8N i$ 3 yeeR$ old" or a password (using the first letter of each word) "M$8ni3y0".
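The following script is an added example, not code from the original article: it carries the sentence-to-password procedure above through in code and checks the results (the article's own "msaityo", "MsAy3yo" and "M$8ni3y0", plus the passphrase from the earlier section) against a length-plus-character-class rule. The rule itself (eight characters and three of the four classes) is an assumed policy in the spirit of the article's "minimum password complexity requirements", not one the article states, and the brute-force estimate is an upper bound that assumes nothing about how the password was derived.

```python
import math
import re
import string

# Character-class pools for the brute-force estimate: the 95 printable ASCII
# characters split into lowercase, uppercase, digits and symbols (space included).
POOLS = {
    "lower": (set(string.ascii_lowercase), 26),
    "upper": (set(string.ascii_uppercase), 26),
    "digit": (set(string.digits), 10),
    "symbol": (set(string.punctuation + " "), 33),
}


def acronym(sentence: str) -> str:
    """Step 3 of the article: the first letter of each word, lowercased.
    'My son Aiden is three years old.' -> 'msaityo'"""
    words = re.findall(r"[A-Za-z0-9]+", sentence)
    return "".join(w[0].lower() for w in words)


def char_classes(secret: str) -> set:
    """Names of the character classes present in the secret (non-ASCII is ignored)."""
    found = set()
    for ch in secret:
        for name, (members, _) in POOLS.items():
            if ch in members:
                found.add(name)
    return found


def check_policy(secret: str, min_length: int = 8, min_classes: int = 3) -> dict:
    """Assumed policy (not the article's): at least min_length characters drawn
    from at least min_classes of the four classes."""
    classes = char_classes(secret)
    report = {
        "length": len(secret),
        "classes": sorted(classes),
        "long_enough": len(secret) >= min_length,
        "complex_enough": len(classes) >= min_classes,
    }
    report["meets"] = report["long_enough"] and report["complex_enough"]
    return report


def brute_force_bits(secret: str) -> float:
    """Size in bits of the search space an attacker faces when trying every string
    of this length over the classes the secret uses. This is an upper bound: a
    guesser who knows the secret was built from an English sentence faces a far
    smaller space, which is why the substitutions in steps 4 and 5 matter."""
    used = char_classes(secret)
    pool = sum(size for name, (_, size) in POOLS.items() if name in used)
    return len(secret) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    sentence = "My son Aiden is three years old."
    # Candidates from the article plus the acronym derived by acronym() above.
    candidates = [sentence, acronym(sentence), "MsAy3yo", "M$8ni3y0",
                  "I like to drive my little red truck."]
    for c in candidates:
        r = check_policy(c)
        print(f"{c!r:40} len={r['length']:2} classes={len(r['classes'])} "
              f"meets={str(r['meets']):5} bits={brute_force_bits(c):6.1f}")
```

Running it shows the point of the procedure: the bare seven-letter acronym "msaityo" fails both the length and class checks, the eight-character "M$8ni3y0" passes with all four classes, and the full passphrase passes with room to spare because its length dominates the estimate.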