Friday, September 17, 2010

How Do You Create and Maintain a Strong Password?




People who use computers on a daily basis are repeatedly asked for passwords. Individuals, for security purposes, are required to enter a secret word or phrase when they power up their workstations. Employers also routinely require authentication to company workstations. Even Internet web sites ask us for our uniquely identifiable pass code before allowing access to our online accounts. We are presumably providing better security and protection for our confidential information when we use passwords.
Most users have the freedom to select their own password or phrase. But do you know how to create and maintain strong and robust passwords? Computer and network security best practices require that everyone knows how to do so.
The password is truly our front-line security tool to prevent unauthorized access to our information resources. Individual computer owners should know how to create strong and complex passwords. A business owner should also consider creating a company-wide password policy and educating employees on how to follow it. The alternative is to risk an unauthorized person gaining access to your valuable information resources.
A strong password should generally be long (i.e. between 8 and 14 characters or more) and contain both upper and lowercase letters as well as digits and special characters. An example of such a password would be: SaM#XXxx5%.
A passphrase may also be used. It tends to be more complex than a password and usually provides even better security. A passphrase might also be easier to remember. An example of a passphrase that can be easily remembered, and that includes special characters, might be: $4Lillies^Grow#Tall%intheSummer.
© Alliant Digital Services - 2010
Regardless of the strength of a password or passphrase, you should avoid writing it down or sharing it with others. Avoid using passwords or phrases that have their origin in popular culture. You should also avoid including personal information in your password (i.e. your birth date or a pet's name).
Passwords or passphrases should be changed frequently to remain viable, and each new one should be unrelated to any previously used password. For example, avoid replacing one password such as "Jim's$PassPhrase$" with a new password that is similar, such as "Jim's$NewPassPhrase$".
Computer users should also avoid using common words such as "vegetables" or "fruit" as passwords. Crackers or others who are trying to gain access to your information assets can easily use off-the-shelf programs to conduct what is known as a "dictionary attack". Modern-day computers can literally test every word in the dictionary in an attempt to identify your password.
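The composition, dictionary-word and reuse rules described above can be enforced in code at the moment a password is chosen. The following Python example is added here and is not part of the original article; the function name, the small constructed wordlist and the 0.7 similarity threshold are assumptions.

```python
import difflib
import string

# Constructed sample wordlist; a real policy check would load a full dictionary file.
COMMON_WORDS = {"vegetables", "fruit", "password", "summer"}

MIN_LENGTH = 8           # lower bound of the article's "8 to 14 characters or more"
SIMILARITY_LIMIT = 0.7   # assumed threshold, not taken from the article


def check_password(candidate, previous=None, words=COMMON_WORDS):
    """Return a list of policy violations; an empty list means the candidate passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.islower() for c in candidate):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in candidate):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no digit")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special character")

    # Dictionary check: strip digits and symbols from both ends so that
    # "Vegetables1!" is still recognized as the dictionary word "vegetables".
    core = candidate.lower().strip(string.digits + string.punctuation)
    if core in words:
        problems.append("dictionary word")

    # Reuse check: reject a candidate that is mostly the previous password.
    if previous is not None:
        ratio = difflib.SequenceMatcher(
            None, candidate.lower(), previous.lower()
        ).ratio()
        if ratio >= SIMILARITY_LIMIT:
            problems.append("too similar to previous password")
    return problems
```

The similarity check fits a password-change form, where the user has just typed the old password, so old passwords never need to be stored in clear text.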
Consider checking the strength or robustness of your password. Microsoft™ provides a useful online password-checking site. Its URL is shown below:
The purpose of using passwords or passphrases is to help assure the confidentiality, integrity and availability of information assets. A prudent infrastructure owner and computer user may want to consider using additional techniques to improve user authentication.
You can learn more about securing your computer and information assets by visiting http://www.computer-security-glossary.org/.
Dr. William G. Perry is a computer information security specialist and has taught information systems security at both the undergraduate and graduate levels and coordinated numerous information warfare projects and presentations with the federal government. Among the agencies with which Dr. Perry has been associated are the Office of the Director of National Intelligence, the Department of Defense and the Federal Bureau of Investigation.
Alliant Digital Services is a newly formed organization that focuses upon providing a high quality of information assurance services to individuals and organizations who must secure their mission-critical data in an asymmetric threat environment and comply with national and international information security standards (i.e. COBIT, ISO 17799, ISO 27000, FISMA, HIPAA, ePHI and the newly passed HITECH Act).
Alliant Digital Services established a free web site to help disseminate information related to computer security. That site can be found at http://www.computer-security-glossary.org/.
