“What password should I use this time?” “Do passwords really have to be that intricate?” “I use simple passwords because I can’t remember complex passwords.” Do these questions and statements sound familiar? Maybe you are the one asking the questions, or maybe you are an IT manager who gets these questions asked all the time. In any case, this blog will focus on how to create a strong password that you can remember. It will also discuss policies that can be implemented by IT managers in order to ensure that all company employees have a strong password. Password overload
A study done by Microsoft Research in 2007 entitled, “A Large-Scale Study of Web Passwords Habits”, mentioned that “the average user has 6.5 passwords, each shared across 3.9 different websites. Each user has about 25 accounts that require passwords and types an average of 8 passwords per day.” I did a survey among our employees and the average accounts requiring passwords are 71! I personally use about 12 accounts a day, and they all have different passwords. So, it can be said that there is definitely a password overload. Although the human brain, which performs amazing functions each day is capable of remembering 12 passwords, we have become accustomed to speed dial or memory dial buttons. This is the reason why many users resort to simple weak passwords. What is a weak password? A word taken out of the dictionary, a pet’s name, a city name, the name of your favorite sports team, etc. What makes these passwords weak? The ability to crack them! Now, we won’t go into detail on how this is done, but the software to crack codes is highly available on the internet, all you have to do is Google “how to crack a password” and you get inundated with results.
Creating a strong password is not that complicated We all understand the devastating effects of someone accessing our private data, or gaining access to our e-mail. Companies, whether they are small or large can be affected by their data being leaked, or by false information being sent out through an email account or twitter account that has been compromised.
Now, I am not saying that the use of a strong password is all you need in securing your data, but it’s one of the first steps that need to be taken in order to secure your companies trade secrets, customer list, or any other sensitive data.
So, how to go about creating a strong password? A strong password will have at least 9 characters with a variation of upper case and lower case letters, symbols, and numbers. The best way for me to create a password that is both long and complex is to use a phrase. This is no trade secret and is something that most of the IT security companies and industry leaders recommend.
Let’s take the phrase “Monkeys eat bananas, mice eat cheese, and elephants eat peanuts.” easy to remember right? You can come up with your own phrase to make this step easier. Now let’s turn it into a password: M38m3c&E3p* – I used upper case and lower case, numbers, and symbols. To confirm my password strength I used the Microsoft password checker https://www.microsoft.com/security/pc-security/password-checker.aspx my password measure is “strong”.
How will I remember a complex password for each account? The key is to not use the same password, so you will need different passwords and different phrases which makes it a bit more complex to remember but don’t despair you don’t have to memorize all the different passwords there is software that can help you manage all your “strong” passwords. A password manager will allow you to have many different accounts, and passwords the software will even allow you to categorize your accounts. For example, I use RoboForm and categorize my accounts into 2 categories: personal and business. I then just use one password to access my many accounts and passwords. Another helpful tool are fingerprint readers. If your laptop has a finger print reader and a tool to manage your passwords all you have to do is swipe your finger! The Lenovo laptops come with the Thinkvantage password manager, which is also a tool that we use at Xennix.
IT Managers Responsibility Lastly, it is the responsibility of the IT manager or the company that you outsource your IT needs to help you comply with policies that will make your passwords secure for example: Password complexity: Set rules to establish how complex a password should be Password length: Set how many characters a password should have Password age: Set a time limit for the use of the password and prompt users to change their passwords at least once every quarter.
It is our hope at Xennix that we encouraged you to create “strong” passwords today! If you have any questions or wish to contact us please check us out at www.xennix.com You might also find the links below useful and informative: Video done by Sophos in which he explains how to create a strong password: http://www.youtube.com/watch?v=VYzguTdOmmU Best Practices for password policy http://www.symantec.com/connect/articles/simplest-security-guide-better-password-practices http://www.symantec.com/connect/articles/simplest-security-guide-better-password-practices
Click here to veiw Xennix Ltd listing page on BahamasLocal.com
| 
| 