A good password is something that cannot be easily guessed and should not be a dictionary word.
In the previous article, which discussed internet network security threats, brute force and dictionary attacks were among the threats we need to be aware of. A brute force attack is an attempt to discover passwords for user accounts by systematically attempting every possible combination of letters, numbers, and symbols. A dictionary attack is an attempt to discover passwords by attempting to use every possible password from a predefined list of common or expected passwords. Following best practice and using a strong password is strongly recommended, especially when you browse the internet at public hotspots with your laptop, where you should also follow the guidelines for working securely in public hotspots and the laptop security guidelines.
The Need to Know Principle means that you are provided with access to information and other resources needed for you to do your job. No more – no less!
Password Cracking Tools
Why must password security guidelines be enforced for users? A good password is something that cannot be easily guessed and should not be a dictionary word. There are password-cracking tools available on the Internet that can crack dictionary word passwords very easily. These cracking tools include multiple languages, so don’t think that you are safe by using a standard word translated into another language. A password with a word followed by numbers (e.g. gamers22) is also not suitable because the cracking tools can be programmed to search for passwords of that type.
What Is A Good Password?
The first guideline in password security is selecting a good password. A good password is something that cannot be easily guessed.
- A mixture of: upper and lower case letters; numbers; and symbols
- At least 8 characters
- Should not be written down at any time
- Should not be shared with anyone else.
What is an easy to guess password?
Knowing which common passwords are easy to guess is a useful part of password security guidelines. An easy-to-guess password is a word you have chosen that is related to something commonly known about you or that could be easily ascertained.
Easy passwords could include:
- Your favorite things
- Your nickname
- Your favorite sports team
- Your pet’s name
- Your family name or members of your family or friends
- Your date of birth
Don’t choose a password that can be easily associated with what is known about you!
Password Matrix
The use of a password security matrix can help you choose a hard to guess password and help you remember your password, so you don’t have to write it down.
| A | B | C | D | E | F | G | H | I |
| \ | \| | = | + | ) | ( | * | & | ^ |
| J | K | L | M | N | O | P | Q | R |
| 1 | 9 | 4 | ! | # | $ | ^ | ~ | 8 |
| S | T | U | V | W | X | Y | Z | |
| 5 | 6 | 7 | < | > | ? | / | ; | |
(In the first block, B maps to the vertical bar character.)
The password security matrix is designed to allow you to choose a password that includes a mixture of alphanumeric code and symbols. For example, if you choose the word WIRELESS as your password, using the password security matrix above the password code becomes >^8)4)55.
You can also use a mixture of both letters and numbers – WIRELESS using the password security matrix example becomes WIR)4)55. You can develop your own password security matrix that suits you.
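One way an administrator could enforce these guidelines when a user sets a password, added here as an example that is not part of the original article: it checks length and character mix, dictionary words, the word-followed-by-numbers pattern, and a dictionary word encoded with the matrix printed above, since a published table is known to anyone. The word list is a constructed sample and the function names are hypothetical.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
WORDLIST = {"wireless", "gamers", "password", "dragon"}

# The page's matrix as letter -> symbol (I and P both map to "^").
MATRIX = dict(zip("ABCDEFGHIJKLMNOPQRSTUVWXYZ",
                  "\\|=+)(*&^194!#$^~8567<>?/;"))


def encode(word):
    """Apply the matrix to every letter, as in the WIRELESS example."""
    return "".join(MATRIX.get(ch, ch) for ch in word.upper())


def is_matrix_word(password, word):
    """True if password is `word` with some or all letters swapped via MATRIX."""
    if len(password) != len(word):
        return False
    return all(p.upper() == w or p == MATRIX.get(w)
               for p, w in zip(password, word.upper()))


def audit_password(password, wordlist=WORDLIST):
    """Return the list of guideline violations; an empty list means accepted."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("missing upper case, lower case, number or symbol")
    lowered = password.lower()
    stem = re.sub(r"[0-9]+$", "", lowered)  # drop trailing digits (gamers22)
    if lowered in wordlist:
        problems.append("dictionary word")
    elif stem in wordlist:
        problems.append("dictionary word followed by numbers")
    elif any(is_matrix_word(password, w) for w in wordlist):
        problems.append("dictionary word encoded with the published matrix")
    return problems


if __name__ == "__main__":
    for candidate in ["gamers22", encode("WIRELESS"), "WIR)4)55", "tR7#qv!2Lm"]:
        print(candidate, "->", audit_password(candidate) or "accepted")
```
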
Password Security guidelines
- A password should not be written down at any time!
- Your password should be known only to you – don’t tell anyone your password!
- Protect your password while entering it, by not letting other people see the keyboard while you are typing it! Ask visitors, colleagues, etc. to look away!
- Ensure you virus scan all email attachments, Internet downloads, disks, CDs, etc. before opening the file. Also ensure that you do a complete virus scan of your hard drive regularly to ensure that a virus or other malicious program has not slipped through.
- There are malicious programs available on the Internet that can log all of your keystrokes including your User ID and password, and send the information somewhere via your Internet connection. Just think, all the information that you type into your computer can be read by someone else.
- Hackers can also use the information gathered via these types of programs to log into your Internet bank account, steal your credit card number or other details.
- Please don’t use your work password for any other purpose such as logging into sites on the Internet. You do not know what security is in place on the site to protect the password.
Token Security
If you have a token that you use to access your computer, keep it secure at all times and don’t show it to anyone. Please do not leave the token lying around and certainly do not keep the token with your laptop if you have one.
After this article and the previous article about instant messaging guidelines, the next article that is essential to read is about careless talk security guidelines. Careless talk also means providing sensitive information inadvertently to someone who wants it for a specific purpose such as breaking into the corporate premises or computer systems.
See also:
- Information security management
- business continuity and disaster recovery planning
- A study case in risk assessment