Wednesday, August 31, 2011

How To Make Your Password Secure

Okay. Yes. This is a boring and tired old topic. But among other recent news stories, the Morto threat once again drove home the point that we must choose our passwords very carefully.

In a business setting, it is important to avoid the default passwords for any service or application. Many products, including popular operating systems, system utilities, database systems, communications software and other applications, are delivered with the same default password, or worse, no password. If you doubt this, check out this table. As soon as these systems are installed, all passwords should be changed. The Morto worm is only successful because it uses knowledge of "likely" passwords and finds entry where these common passwords are still in place.

An awful lot of malware is clever about guessing likely passwords using personal information, whether socially engineered from you or your friends or publicly posted. A password built from the name of your pet, your home address numbers or your children's names, while easy to remember, is not particularly hard to guess.

Whether in an office, at the airport or at home, your user account and password may be the only thing standing between you and some unscrupulous individual who would love to have access to all of your programs and data.

Here is a simple way to make passwords that are still relatively easy to remember but will be much more difficult to crack.

First, you must include several elements in each password. It should contain both upper and lower case letters, some numbers and a special character such as a $, ! or +. Not all systems will allow you to use any special character, so you may have to conduct a little trial and error to find a good one.

Next, you want the password to be at least 8 characters in length. The longer a password is, the more difficult it becomes to cycle through all the possible combinations of letters, numbers and characters. Keep in mind that computers today are extremely fast and powerful, so while it could take a human years to try a few thousand combinations, a computer can do it in minutes.

Last, make the password something easy for you to remember. For example, you might have access to a document library. An easy password you might associate with a library would be "bookworm."

Now let's morph this easy-to-remember word into a more secure password. Change the B and W to upper case. Make the O a numeric zero and put a plus (+) sign in the middle. Now our password is B00k+Worm. This will be much harder to crack.
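The rules above can be written as a small checker. This is an added example, not part of the original post; the function names, the sample list of likely passwords and the personal words are assumptions made for illustration.

```python
import string

# Constructed sample of default/likely passwords (an assumption; a real
# check would load a far larger list for the products in use).
LIKELY_PASSWORDS = {"", "admin", "password", "123456", "letmein", "server"}

def check_password(password, personal_words=()):
    """Return the list of the article's rules that the password fails."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    lowered = password.lower()
    if lowered in LIKELY_PASSWORDS:
        problems.append("default or likely password")
    for word in personal_words:  # pet names, house numbers, children's names
        if word and word.lower() in lowered:
            problems.append("contains personal information: " + word)
    return problems

def combinations(password):
    """Number of strings of this length over the character classes used.

    This counts only exhaustive cycling through combinations; it does not
    model guessing from lists of likely words.
    """
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 ASCII special characters
    return alphabet ** len(password)

if __name__ == "__main__":
    for pw in ("bookworm", "B00k+Worm", "Rover2011!"):
        print(pw, check_password(pw, ["Rover"]), combinations(pw))
```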

Think about all of your passwords and whether someone could guess enough about you to stumble upon the combination of words or numbers you are using. As we put the summer behind us and head back to our daily routines at home or at work, it may be a good time to get a little more creative and be a whole lot more secure.

Captain Joe

