
Password Security

Why do we have Passwords?

Passwords are a secret that each authorized user presents to verify their identity when accessing a system. Passwords limit access to resources to only authorized users.

Why are Passwords easily Cracked?
Most users select a single password and reuse it across many sites, both corporate and personal. Most passwords are words that are easily found in a dictionary (e.g. letmein, qwerty, or baseball). Passwords that consist of words easily found in the user's native language are susceptible to a dictionary attack.

What is the Risk?
If someone else can obtain your User Name (on commercial sites often your email address) and Password, they can damage information, access sensitive data, or gain access to other sensitive resources. Often the password from one compromised site works on others (e.g. email), so the attacker can use one compromised account to compromise many more. The consequences can include wire fraud, damage to your credit, or loss of reputation.

Protective Measures:

When choosing a password, don't use words found in a dictionary, rather choose a passphrase:

1.  When developing a passphrase, choose a memorable phrase. To avoid having to write it down, associate it with the site where it will be used.

2.  When making your passphrase, use non-repeating upper and lower case letters, character substitution, and special characters.

Example passphrase for work: “I love my job!” could be entered as: !L0v3m1Jo8!

This example password has an expected cracking difficulty of: 1.74 hundred billion centuries.
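The following is an added example, not part of the original page, that applies the guidance above as a simple password-policy check and shows why the page's sample passwords differ so much in cracking difficulty: it flags dictionary words (using a constructed toy wordlist standing in for a real one), counts character classes, and computes the brute-force keyspace. The guess rate used for the time estimate is an assumption; the page's own figure comes from a calculator with its own assumptions and is not reproduced here.

```python
import string

# Constructed stand-in for a real wordlist (assumption: a deployment loads a full list).
COMMON_WORDS = {"letmein", "qwerty", "baseball", "password", "123456", "iloveyou"}

# Alphabet sizes for the four printable-ASCII character classes.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(string.punctuation)}


def char_classes(pw: str) -> set:
    """Return the set of character classes present in pw."""
    classes = set()
    for c in pw:
        if c in string.ascii_lowercase:
            classes.add("lower")
        elif c in string.ascii_uppercase:
            classes.add("upper")
        elif c in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def search_space(pw: str) -> int:
    """Brute-force keyspace: (sum of the alphabets of the classes used) ** length."""
    alphabet = sum(CLASS_SIZES[c] for c in char_classes(pw))
    return alphabet ** len(pw)


def crack_time_seconds(pw: str, guesses_per_second: float) -> float:
    """Worst-case time to exhaust the keyspace at an assumed guess rate."""
    return search_space(pw) / guesses_per_second


def check_password(pw: str, min_len: int = 10) -> list:
    """Apply the page's guidance; returns an empty list when the password passes."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    # Catch a dictionary word even when it is padded with digits or punctuation.
    core = "".join(c for c in pw.lower() if c.isalpha())
    if pw.lower() in COMMON_WORDS or core in COMMON_WORDS:
        problems.append("dictionary or common password")
    if len(char_classes(pw)) < 3:
        problems.append("fewer than three character classes")
    return problems


if __name__ == "__main__":
    for pw in ("letmein", "baseball99", "!L0v3m1Jo8!"):
        days = crack_time_seconds(pw, 1e10) / 86400  # assumed 10 billion guesses/second
        print(f"{pw!r}: problems={check_password(pw)} brute-force days={days:.3g}")
```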

Safety Tips:

1.  You are responsible for keeping your user name and password private at all times. Never share it with a co-worker or family member. If you must share it in an emergency, change it immediately once the need has passed.

2.  If at work, never share your user name and password with someone who does not have a network account or authorized access to the resource! This is one of the fastest methods of getting fired known to IT.
 
3.  Never reuse a password on more than one site!

4.  If your password is less than 10 characters, consider changing it once every 6 months; if it is a passphrase of more than 10 characters, change it every two years or sooner as needed.

5.  To view the worst possible passwords to have, see the Top 500 Worst Passwords.

6.  To check the strength of your current passwords, visit the GRC Password Strength Checker.
