How to create Secure Passwords
Secure passwords are one of the pillars of information security practice. Whether you are a home or enterprise user, creating and managing secure passwords has become a daunting task that sometimes backfires on us.
In this article we show twelve practical tips that will help you look at password creation and management in a different way, thus easing the whole process and allowing you to stay in compliance.
1. Think of a pass phrase instead: For years people have used single words as passwords, and not just single words but common words that can be found in dictionaries. It doesn’t take long to crack a password made of common characters (0-9, a-z, A-Z), and if the perpetrator has the right rainbow tables the process might take seconds.
So the first piece of advice for a strong password is to think of a pass phrase. Instead of using “Monday23” as a password, you may try “2 weeks ago on Monday tHe 23 rd, I joined the meeting @”
2. You can use special characters. Yes, passwords are not limited to just letters and numbers. You can use special characters such as: !@#$%^&*()_+”., as well as spaces and anything in the ASCII special character chart.
3. Don’t just rely on replacing letters with special characters, for example replacing the letter “a” with the “at” sign (@), or the letter “o” with the number zero (0), if you are using common words. For instance, using “P@ssw0rd” instead of “Password” is technically more secure, but it is still very easy to crack.
4. Don’t simply add an extra character when changing your password, e.g. Tr@Ff1c, when updated: Tr@Ff1c1, Tr@Ff1c2, Tr@Ff1c3, etc.
5. Avoid words that are familiar from your life, such as your spouse’s name, children’s names, birth dates, pet’s name, and work and industry related words.
6. Use password generator software: You don’t have to spend 5 minutes trying to come up with a strong password. Use a password generator. Some have more bells and whistles than others, but all of them accomplish the goal of strong passwords.
Just to mention a few:
Norton password generator: https://identitysafe.norton.com/password-generator
Ramdon’s Password g
7. Use a password manager. This is especially useful when you have multiple accounts. A password manager is a centralized location for you to store all your passwords; usually a master password is created to unlock the database where all passwords are stored.
There are plenty of password managers available in the open source and commercial market. You can do a simple search for password managers and explore the options.
8. Use two-factor authentication: something you know (a password/PIN) + something you have (keyfob, code, etc.). This combination is used with your user name. Many financial institutions use multi-factor authentication and many online service providers are following suit. Google has an option for two-factor authentication for users to access their services (http://www.google.com/landing/2step/).
9. Erase any password documents, emails, and history from your computer. Many people have a “password document” or an email where they store all their account information. Remember, these can be replaced with a password manager, but do your due diligence and remove anything containing references to your passwords.
10. Be careful where you access your accounts from: be extra cautious when using public computers, since it does not take much to have a keystroke logger running in the background. This is where two-factor authentication comes in handy: even if your password is compromised, they still need your code to access the account.
11. Don’t use the same password for different accounts: this will help minimize the damage in case one of your accounts is compromised.
12. Check if your credentials have been compromised: you can use sites like "Have I Been Pwned" (https://haveibeenpwned.com/) to check if your credentials were compromised through a security breach.
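Tips 3 and 4 can be checked automatically at the moment a password is set or changed. The Python code below is an added example, not part of the original article; the word list is a small constructed sample and all function names are illustrative.

```python
import re

# Constructed sample word list (assumption); a real check would load a large dictionary.
COMMON_WORDS = {"password", "traffic", "monday", "welcome", "dragon"}

# Look-alike substitutions from tip 3, mapped back to the letter they stand for.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def normalize(text: str) -> str:
    """Undo look-alike substitutions, e.g. 'p@ssw0rd' -> 'password'."""
    return text.translate(LEET)


def strip_affixes(text: str) -> str:
    """Drop leading/trailing digits and symbols, e.g. 'monday23' -> 'monday'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)


def is_disguised_word(password: str) -> bool:
    """True if the password is a common word behind substitutions or affixes."""
    low = password.lower()
    # Try both orders: a trailing '1' may be a suffix or a disguised 'i'.
    candidates = {strip_affixes(low),
                  normalize(strip_affixes(low)),
                  strip_affixes(normalize(low))}
    return bool(candidates & COMMON_WORDS)


def base_without_counter(password: str) -> str:
    """Remove a trailing run of digits and ignore case."""
    return re.sub(r"\d+$", "", password).lower()


def is_incremented(old: str, new: str) -> bool:
    """True if old and new differ only in a trailing counter (tip 4)."""
    return old != new and base_without_counter(old) == base_without_counter(new)


def review_change(old: str, new: str) -> list[str]:
    """Return the reasons a proposed password change should be rejected."""
    problems = []
    if is_disguised_word(new):
        problems.append("common word with substitutions")
    if is_incremented(old, new):
        problems.append("old password with a changed suffix")
    return problems
```

Because stored passwords should be hashed, the comparison against the old password has to happen during the change itself, when the user types both values.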
Lastly, successful security is a layered approach. Whether you are a home user, a small business, or a large corporation, there are tools and security procedures that can be implemented to mitigate the likelihood of a breach. Even though this article is about password security, you can’t overlook other security measures such as antivirus, firewall, IPS/IDS, disk encryption, file and folder encryption, and email encryption. After all, nothing is really accomplished if you have a strong password and poor endpoint security, because your system could be compromised and a keystroke logger installed.
We help companies and individuals secure their data and systems. We develop and implement solutions that adapt to every situation and budget. Contact us for more information about our security services and solutions.
We offer onsite support to businesses in New York City and Northern NJ, and remote support nationwide.