All about Passwords

Why are passwords so important?

Quite simply, passwords are important because they protect our personal and professional information. We may find them annoying but they are often the frontline of protection against hackers and a critical part of our computer security. If you use a computer that is connected to the internet then password security is essential and should not be ignored. Here are some tips for creating strong passwords. Please review them and think about reinforcing some of your passwords if they fall short.

 In general, a strong password has the following attributes:

  • a minimum length of eight (8) characters; and
  • a mix of upper and lower case letters; and
  • at least one numeral; and
  • at least one non-alphanumeric character such as ! $ * % @ # & -

A weak password increases your vulnerability to hackers so avoid passwords that are easy to guess or crack.

Here are a few tips on what to avoid:

  • DON’T use dictionary words (mackerel, dandelion, millionaire)
  • DON’T use foreign words (octobre, gesundheit, sayonara)
  • DON’T use simple transformations of words (tiny8, 7eleven, dude!)
  • DON’T use names, doubled names, first name and last initial (mabell, kittykitty, marissab)
  • DON’T use Uppercase or lowercase words (MAGAZINE, licorice)
  • DON’T use an alphabet sequence (lmnop) or a keyboard sequence (ghjkl;)
  • DON’T use words that have the vowels removed (sbtrctn, cntrlntllgnc)
  • DON’T use passwords that increment (Password1, password2, password3…)
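
The following Python checker is an added example, not part of the original article. It applies the four strength attributes and several of the DON’T rules above, and shows that Password1! meets every attribute yet is still weak. The wordlist, keyboard rows and function names are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption): a real check loads full dictionary,
# foreign-word and name lists instead.
WORDS = {"password", "mackerel", "magazine", "licorice", "kitty", "dude", "tiny", "subtraction"}
# Alphabet, digit and keyboard rows used to spot sequences such as "lmnop" or "ghjkl;".
ROWS = ["abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop", "asdfghjkl;", "zxcvbnm"]
DEVOWELLED = {re.sub(r"[aeiou]", "", w) for w in WORDS}


def composition_failures(pw):
    """Check the four 'strong password' attributes from the list above."""
    rules = [
        (len(pw) >= 8, "shorter than 8 characters"),
        (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw), "no mix of upper and lower case"),
        (re.search(r"\d", pw), "no numeral"),
        (re.search(r"[^A-Za-z0-9]", pw), "no non-alphanumeric character"),
    ]
    return [msg for ok, msg in rules if not ok]


def pattern_failures(pw):
    """Check the DON'T list against the letters left once digits and symbols are stripped."""
    low = pw.lower()
    core = re.sub(r"[^a-z]", "", low)  # "Password1!" and "password2" both reduce to "password"
    half = len(core) // 2
    fails = []
    if core in WORDS:
        fails.append("dictionary word or simple transformation of one")
    elif core in DEVOWELLED:
        fails.append("word with the vowels removed")
    if len(core) >= 4 and len(core) % 2 == 0 and core[:half] == core[half:]:
        fails.append("doubled word or name")
    if any(low[i:i + 4] in row for row in ROWS for i in range(len(low) - 3)):
        fails.append("alphabet or keyboard sequence")
    return fails


def audit(pw):
    """Return every reason the password is weak; an empty list means it passed all checks."""
    return composition_failures(pw) + pattern_failures(pw)


if __name__ == "__main__":
    for candidate in ["Password1!", "kittykitty", "sbtrctn", "ghjkl;", "vR7#qLm2!x"]:  # constructed samples
        print(f"{candidate!r}: {audit(candidate) or 'passes'}")
```

Incrementing passwords are caught by the first pattern check because stripping the digits leaves the same dictionary word each time.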

Never give out your password or any personal details to anyone. A password should be known only to you as it provides access to your personal and professional information.

The advice from Apple and Microsoft these days is to use the initials of a song or phrase that you can easily remember but others are unlikely to guess. For example, “I like Paris in the Springtime” could be iLp!t5@*, or “Somewhere over the rainbow” could be 5w0Tr8oW. Please do not use these examples.

Of course, while a strong password is an important security tool, your password could still fall into the wrong hands. Hackers can still get your password or evade it completely by using sophisticated software tools or by tricking you into disclosing your passwords with email confirmations and requests (phishing).

In addition to maintaining a strong password you should always employ good security systems. Your work and home computers should be protected with good antivirus and antimalware programs, and you should always stay away from bad sites. If you go to a website where you can download illegal software, use torrents or visit dirty sites etc., you are much more likely to be hacked. Also, be wary of using passwords on public computers or when you are connected to a public wifi account. Public computers (airports, internet cafes etc.) may not be secure – they could have key-logging software installed and may be recording your password as you type it. Also, with public wifi, others who are connected to the same wifi have the potential to watch your activity, so be careful what you do.

If you think any of your online passwords have been compromised, change them immediately. If you think your computer has a virus or malware, immediately change your online passwords on a different uninfected computer. Do not enter any passwords on your infected computer until it has been cleaned.

Every organisation should have an Internet Acceptable Use Policy or Password Security Policy for users of their computer systems. If you would like a copy of the IT Masters Internet Acceptable Use Policy to adapt to your organisation, please email Cath at cathb@itmasters.net.au. We would be happy to share this with our customers.

 

References

Microsoft Safety and Security Centre – Creating strong passwords
https://support.microsoft.com/en-us/windows/create-and-use-strong-passwords-c5cebb49-8c53-4f5e-2bc4-fe357ca048eb

The Simplest Security: A Guide To Better Password Practices
http://www.symantec.com/connect/articles/simplest-security-guide-better-password-practices

Personal Security Guides
https://www.cyber.gov.au/acsc/view-all-content/advice/personal-security-guides

Montana State University – Good Password Practices FAQ
http://www.montana.edu/uit/computing/desktop/password.html