Tuesday, September 25, 2012

10 Great Password Tips

  • I have noticed in my readings lately that more and more systems are being compromised as a result of poor, or misused passwords. So I’ve decided to offer a basic Password primer.

    Let’s start with 10 tips for creating and using strong passwords:

    1-The best passwords use a combination of words, numbers, symbols, and both upper- and lower-case letters.

    Example time-“1wnuSTn@pE!” is a great password; but how do I remember it? Yes, how do I? I'll tell you later.

    2-Never use your username as your password.

    Time for a true story-I once cracked a friend's laptop because his logon was his first name and his password was the first letter of his first name. Hacking really is just that stupid easy sometimes!

    3-Never use easily guessed passwords, such as “password”, “secret”, “Jehovah” or “user.”

    Time for a question-Do you think “ncc1701D” is a good password? Why or why not?

    4-Never use passwords that use information that probably isn’t as secure as you’d think, such as your birth date, your Social Security or phone number, or names of family members.

    Food for thought-Who uses their initials and pieces of their SSN as a password? Is this a good idea?

    5-Never use words that can be found in the dictionary. Password-cracking tools freely available online come with dictionary lists that will try thousands of common names and passwords. If you must use dictionary words, try adding numerals to them, as well as punctuation at the beginning or end of the word (or both!).

    Example time-I love the Iliad; I once used “Diomedes” as a password; he’s a character from the Iliad. I was smart though and used “D10medes” as the password, substituting the “1” and “0” for the “i” and “o”.

    Do you think this is a good password?

    Could I have done anything to make it better?

    6-Never use simple adjacent keyboard combinations. For example, “qwerty”, “asdzxc” and “123456” are horrible passwords that are so easy to crack.

    Question-Do you think that “@3edcvfr4%” is a good password? Why or why not?

    7-Use passwords that are at least eight characters long; longer is better. Each character you add to a password makes it much harder to attack with a password cracking tool.

    True Story-I used a password cracking tool to crack the password “D10medes” in under 6 hours. I changed the password to “D10m3d3s&!” and the same tool was not able to crack it.

    Extra Credit-Can you guess what word this password really is and where I got it?

    8-If you have trouble remembering your passwords, try replacing certain letters in the word with look-alike numbers. For example, the password “Mississippi” is more secure when typed as “M1551551pp1.” Another useful and better way of remembering and creating strong passwords is to use the first letter of each word in a phrase from a favorite book or song.

    Example time-“I will never use Star Trek names as passwords; Ever!” could be written as “1wnuSTn@pE!”.

    Is this a good password?

    Is it relatively easy to remember?

    Oh, and “ncc1701D” is the hull number of the Starship Enterprise, which makes it a bad password.

    9-It’s just a bad idea to use the same password at multiple Web sites, and never use the password you’ve picked for any workplace account at any online site. If you do, and one of them gets compromised, then you risk having every account you own compromised.

    True Story-A file storing/sharing web business recently admitted that its corporate website was successfully attacked and compromised. The compromise occurred because an employee’s password was cracked on a social network site. This employee used the same password for everything, so the worker's account was compromised. This allowed the attackers to take customer passwords and accounts, which were then used to attack personal email and bank accounts.

    All because these users used duplicate accounts and passwords for multiple sites and functions.

    10-All of this probably just seems so overwhelming, different passwords and accounts, and they all need to be difficult to guess; what can you do?

    Do what we, the security experts, do!

    Use a personal password vault or manager. There are numerous freeware password vaults available. The great thing about using a password vault is that you really only need to remember one password. That password can be a really difficult pass phrase that is easy to remember but very hard to crack or guess.

    Example time-I also like the Lord of the Rings; you could have guessed that. So how about this for a password: “One Password to read them all and in the Vault to hide them”.
    Applying what we have learned, this becomes “1P2rta&itV2ht”, which is nigh impossible to crack.
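    The first-letter rule from tips 8 and 10, plus a checker for tips 1 through 7, as an added example that is not part of the original post. The shorthand table (`WORD_MAP`), the look-alike reversal and the tiny `WORDLIST` are my own assumptions, chosen so the post's “1P2rta&itV2ht” comes out; the checker also shows why “D10medes” fell to the author's cracking tool, since undoing look-alikes turns it back into a dictionary name.

```python
import re

# Whole-word shorthands for the first-letter rule (tip 8). An assumed table,
# picked so the post's "1P2rta&itV2ht" example is reproduced exactly.
WORD_MAP = {"i": "1", "one": "1", "to": "2", "too": "2", "for": "4",
            "and": "&", "you": "U", "ten": "10"}
# Look-alike digits/symbols that cracking dictionaries undo (tip 5).
LOOKALIKES = str.maketrans("10345@$", "ioeasas")
COMMON = {"password", "secret", "jehovah", "user"}            # tip 3
KEYBOARD_RUNS = ("qwerty", "asdzxc", "123456")                # tip 6
# Constructed stand-in for a cracking tool's word list (tip 5).
WORDLIST = {"mississippi", "diomedes", "achilles", "hector"}


def phrase_to_password(phrase: str) -> str:
    """Tips 8 and 10: first letter of each word, shorthand for a few words,
    and a trailing '!' kept as a symbol."""
    out = []
    for word in phrase.split():
        core = word.strip(".,;:!?\"'")
        if not core:
            continue
        out.append(WORD_MAP.get(core.lower(), core[0]))
        if word.endswith("!"):
            out.append("!")
    return "".join(out)


def check_password(pw: str, username: str = "") -> list:
    """Return the tip numbers (with a reason) that the password violates."""
    problems = []
    low = pw.lower()
    if not all(re.search(p, pw) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]")):
        problems.append("1: missing a lower, upper, digit or symbol class")
    if username and low == username.lower():
        problems.append("2: same as the username")
    if low in COMMON:
        problems.append("3: easily guessed password")
    if low.translate(LOOKALIKES) in WORDLIST:
        problems.append("5: dictionary word once look-alikes are undone")
    if any(run in low for run in KEYBOARD_RUNS):
        problems.append("6: adjacent keyboard sequence")
    if len(pw) < 8:
        problems.append("7: shorter than eight characters")
    return problems


if __name__ == "__main__":
    for pw in ("D10medes", "D10m3d3s&!", "M1551551pp1", "qwerty"):
        print(pw, "->", check_password(pw) or "passes all tips")
```

The author's first example, “1wnuSTn@pE!”, was built by hand (the “as” became “@”), so the table reproduces the Vault and closing-line phrases but not that one.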

    A FREE shopping list:
    KeePass Password Manager
    iPassMan Password Manager
    MobileWitch Pass Safe

    There you have it. Ten tips that will help you create and remember passwords extremely difficult if not impossible to crack. “10ttwhUc&rpedini2c”.