Store passwords in Counterpane Labs' Password Safe tool. All passwords are encrypted with the robust Blowfish algorithm. A nifty feature of Password Safe is that when you double-click on a previously stored password entry, it silently copies it to the clipboard so you can paste in the password even if others are watching you type.

Check the quality of your password at . This Web site performs calculations based on the complexity and "guessability" of your password and tells you how good your password is. Remember that your password is transmitted over the Internet in the clear, so you should try similar passwords instead of your actual passwords to get an idea of the characteristics of a good one.

Adopt ISO17799 password quality guidelines. Ask the IT department to implement best practices for password management in accordance with ISO17799, a widely recognized information security standard. According to the standard, here are some guidelines for passwords:

Use a mix of alphabetical and numeric characters, a mixture of upper and lowercase, and special characters when creating your unique passphrase.
Passwords should be at least six characters long.
They should be free of consecutive identical characters.
Avoid reusing or recycling old passwords.
Force users to change temporary passwords at the next log-on.
Require that passwords be changed at regular intervals.
Maintain a record of previous user passwords and prevent their reuse.

A note about password length: Some information security (infosec) professionals will bristle at ISO17799's recommendation for a mere six characters in a password. Some have told me that six characters are insufficient, based on the time it takes to crack a password. My response is this: Typically, hackers don't care about the length of passwords when choosing to crack open a computer account. Organizations are rife with guest accounts, group accounts, accounts with no passwords, a lack of password expirations, passwords that can be easily guessed, and opportunities to exploit technical weaknesses or perform social engineering. With all of these easy opportunities, computer accounts with good six-character passwords are only a trifle weaker than those with eight-character passwords. My point is that infosec professionals need to focus more on compliance with good user-account hygiene than on the length of passwords.

Warning: Don't use any of the password examples that appear in this article!

Gregory, CISSP, CISA, is an information technology and security consultant, a freelance writer and an author of several books, including Solaris Security, Enterprise Information Security, and CISSP for Dummies. As a consultant he provides strategic technology and security services to small and large businesses. He can be reached at . Web site is .
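The ISO17799 guideline list above, as an added policy check (example code written for this page, not from the article, from ISO17799 or from Password Safe): it applies each listed rule to a candidate password, keeps the required record of previous passwords as salted PBKDF2 digests rather than as the passwords themselves, and treats the two change-interval rules as a separate check. The 90-day interval, the PBKDF2 work factor and the sample passwords are assumptions.

```python
import hashlib
import string

PBKDF2_ROUNDS = 100_000  # assumed work factor for the history digests


def remember(password, salt):
    """Build a password-history record as (salt, digest).

    A salted, slow hash is stored instead of the password, so the record
    the guidelines ask for does not become a list of old passwords.
    """
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return (salt, digest)


def in_history(password, history):
    """True if `password` matches any previous record (blocks reuse/recycling)."""
    return any(
        hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS) == digest
        for salt, digest in history
    )


def find_violations(password, history=()):
    """Return the list of guideline violations; an empty list means it passes."""
    problems = []
    if len(password) < 6:  # at least six characters long
        problems.append("shorter than six characters")
    if not (any(c.isalpha() for c in password) and any(c.isdigit() for c in password)):
        problems.append("needs both letters and digits")  # mix of alphabetic and numeric
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("needs both upper- and lowercase letters")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a special character")
    if any(a == b for a, b in zip(password, password[1:])):  # no consecutive identical characters
        problems.append("contains consecutive identical characters")
    if in_history(password, history):
        problems.append("reuses a previous password")
    return problems


def must_change(age_days, temporary, max_age_days=90):
    """Temporary passwords are changed at the next log-on; others expire after
    max_age_days (90 is an assumed 'regular interval', not a figure from the article)."""
    return temporary or age_days >= max_age_days


if __name__ == "__main__":
    # Constructed sample data: one previous password in the history and three candidates.
    history = [remember("Xy7!ab", b"constructed-salt")]
    for candidate in ("Xy7!ab", "Pq9$rs", "aab12"):
        print(candidate, find_violations(candidate, history) or "OK")
```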