12 Practical Tips for Strong Passwords.
Secure passwords are one of the pillars of information security practice. Whether you are a home or enterprise user, creating and managing secure passwords has become a daunting task that sometimes backfires on us.
In this article we show you twelve practical tips that will help you look at password creation and management in a different way, thus easing the whole process and allowing you to stay in compliance.
It takes seconds to hack most passwords. That's why a conscious approach needs to be put in place to make sure your passwords are hard to hack even if your system is compromised.
Lastly, successful security is a layered approach. Whether you are a home user, a small business, or a large corporation, there are tools and security procedures that can be implemented to mitigate the likelihood of a breach.
Here's the list:
1. Think of a Pass Phrase: For years people have used single words for passwords. Not only do they use single words, but they use common words that can be found in dictionaries. It doesn’t take long to crack a password made of common characters (1-0, a-z, A-Z), and if the perpetrator has the right rainbow tables the process might take seconds.
So the first piece of advice for a strong password is to think of a pass phrase: instead of using “Monday23” as a password, you may try “2 weeks ago on Monday tHe 23 rd, I joined the meeting @”
2. You can use special characters: Yes, passwords are not limited to just letters and numbers. You can use special characters such as: !@#$%^&*()_+”., you can use spaces and anything in the ASCII special character chart.
3. Don’t rely only on substituting special characters for letters: for example, substituting the “at” sign (@) for the letter “a”, or the number zero (0) for the letter “o”, when you are using common words. Using “P@ssw0rd” instead of “Password” is technically more secure, but it is still very easy to crack.
4. Don’t add an extra character when changing your password: i.e. Tr@Ff1c, when updated, becomes Tr@Ff1c1, Tr@Ff1c2, Tr@Ff1c3, etc. Come up with a new password instead. Adding an extra letter to a previously used password makes it more vulnerable to brute force attacks.
5. Avoid words that are familiar to you: avoid things such as your spouse’s name, children’s names, birth dates, pets’ names, and work and industry related words.
6. Use password generator software: You don’t have to spend 5 minutes trying to come up with a strong password. Use a password generator; some have more bells and whistles than others, but all of them accomplish the goal of strong passwords.
Just to mention a few:
7. Use a Password Manager: this is especially useful when you have multiple accounts. A password manager is a centralized location for you to store all your passwords; usually a master password is created to unlock the database where all passwords are stored. There are plenty of password managers available in the open source and commercial market; you can do a simple search for password managers and explore the options.
8. Use two factor authentication: something you know (a password/PIN) + something you have (keyfob, code, etc.). That combination is used with your user name. Many financial institutions use multi factor authentication and many online service providers are following suit. Google has a two factor authentication option for users to access their services (http://www.google.com/landing/2step/)
9. Erase any password document, email, history, etc: Many people have a “password document” or an email where they store all their account information. Remember, it can be substituted with a password manager but do your due diligence and remove anything containing your password references.
10. Be careful where you access your accounts from: be extra cautious when using public computers; it does not take much to have a keystroke logger running in the background. This is where two factor authentication comes in handy: even if your password is compromised, they still need your code to access the account.
11. Don’t use the same password for different accounts: this will help minimize the damage in case one of your accounts is compromised.
12. Check if your credentials have been compromised: you can use sites like "Have I Been Pwned" (https://haveibeenpwned.com/) to check if your credentials were compromised through a security breach.
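Tips 3 and 4 can be enforced at the moment a password is set. The Python sketch below is an added example, not part of the original article: it strips trailing digits and symbols, undoes common character substitutions, and then compares the result against a word list and the password being replaced. The word list, substitution map and function names are constructed for illustration.

```python
import re

# Constructed stand-in for a real common-password/dictionary list.
COMMON_WORDS = {"password", "monday", "welcome", "letmein"}

# Character swaps that cracking rule sets reverse automatically (tip 3).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def normalize(password: str) -> str:
    """Reduce a password to the base word an attacker's rules would try."""
    lowered = password.lower()
    # Drop the trailing counter or symbol first (tip 4), so the "1" in
    # "Tr@Ff1c1" is treated as a suffix and not as a disguised letter.
    stem = re.sub(r"[^a-z]+$", "", lowered)
    return stem.translate(LEET)


def review(new: str, previous=()) -> list:
    """Return findings for a proposed password.

    `previous` holds passwords available in clear text at change time,
    typically the current one typed into the change form (assumption).
    """
    findings = []
    base = normalize(new)
    if base in COMMON_WORDS:
        findings.append("common word behind substitutions")
    if base and any(base == normalize(old) for old in previous):
        findings.append("previous password with a changed suffix")
    return findings


if __name__ == "__main__":
    samples = [
        ("P@ssw0rd", []),
        ("Monday23", []),
        ("Tr@Ff1c2", ["Tr@Ff1c1"]),
        ("2 weeks ago on Monday tHe 23 rd, I joined the meeting @", ["Tr@Ff1c1"]),
    ]
    for candidate, history in samples:
        print(repr(candidate), "->", review(candidate, history) or "no findings")
```

An empty result only means the password passed these two checks; it says nothing about length or whether the password has appeared in a breach.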
Even though this article is about password security, you can’t overlook other security measures such as: antivirus, firewall, IPS/IDS, disk encryption, file and folder encryption, and email encryption. After all, nothing is really accomplished if you have a strong password and poor endpoint security, because your system could be compromised and a keystroke logger installed.