How easy is your password to crack?
June 16, 2009 by Sam Narisi
Is your carefully chosen password as secure as you think it is?
HR is a goldmine for confidential personal information that’s often the target of identity thieves. Anyone working in the HR department needs to be careful about keeping that data safe. The first step: secure passwords.
Some tips for passwords that are tough for hackers to break:
- Use at least 8 characters, with a mix of numbers and upper and lowercase letters. When a password’s only made up of five letters, there are 11.9 million possible combinations. Sound pretty safe? Not when you consider that a password with eight mixed characters has 899.2 trillion possibilities.
- Come up with nonsense. Many people create passwords out of actual words or phrases, because they’re easy to remember. But those are also easier for hackers to find out.
- Change it up. Everyone in the HR department should come up with a new password once a month. One tip: Load monthly reminders on your own and staffers’ computers.
- Log off. The best password in the world doesn’t do any good if the user stays logged in constantly. When working with sensitive information, it’s important to log off when stepping away even briefly. Otherwise, any passer-by could find a screen full of valuable info.

June 23rd, 2009 at 1:24 pm
Regarding #4, I believe you meant “lock” rather than “log off”. If using Windows, and using a “modern” keyboard with a “Windows Key” (looks like the Microsoft Flag, between the left Ctrl and Alt keys), you can lock your computer instantly by pressing and holding the Windows Key and tapping the letter “L”. Win+L=Lock. Your screen will instantly clear and be replaced by the “Computer Locked” dialog which prompts you to press Ctrl+Alt+Del to unlock.
If using an old keyboard, press Ctrl+Alt+Del then hit the Space Bar to lock. Either way, in less than a second, your computer is secure.
As a backup, for the rare event that you forgot to lock before you walk, set your screen saver to activate after 10 minutes of inactivity, and require a password to unlock. It’s not perfect, but it provides a safety net, while not being too intrusive.
June 23rd, 2009 at 2:31 pm
Regarding passwords:
I use a simple method to teach users to create strong, but easy to remember passwords. Take a poem, song title, line from a song, quote, etc. and write it down. For example:
Four score and seven years ago equals 87
If any of the words are numbers, substitute the digits:
4 score and 7 years ago equals 87
Likewise, you may choose to substitute symbols (although some systems won’t allow this*):
4 score & 7 years ago = 87
Keep only the first letter of each word and remove the spaces between:
4s&7ya=87
*In the case of not using symbols, or to add another level of complexity, mix the case of the letters. Starting with:
4 score and 7 years ago equals 87
Capitalize the “major” words, while leaving the “minor” words lower case:
4 Score and 7 Years Ago equals 87
Then keep only the first letter and strip the spaces:
4Sa7YAe87
or
4S&7Ya=87
These passwords will defeat any “dictionary attack” but will be easy for you to remember and type (after the first few tries).
Now that you have a good, strong, base password, you can append a number, letter or symbol when you have to change it. Using the symbols on the number keys makes this simple if you use them in order (shift+1=! shift+2=@, etc.)
Finally: Do not ever give your password to anyone (even a trusted assistant). If you believe your password may have become compromised, change it immediately. If you have to provide your password to a support person for some reason, change it immediately after they are done working.
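The phrase-to-password steps in the comment above, checked against the article's first tip, as an added example (not code from the article or the commenter). The word tables and the function names `mnemonic_password` and `check_first_tip` are assumptions made for this sketch.

```python
# Word tables are constructed for this example; they are just large enough to
# reproduce the phrase used in the comment.
NUMBER_WORDS = {"zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
                "five": "5", "six": "6", "seven": "7", "eight": "8",
                "nine": "9", "ten": "10"}
SYMBOL_WORDS = {"and": "&", "equals": "=", "at": "@", "plus": "+"}
MINOR_WORDS = {"a", "an", "and", "the", "or", "of", "to", "in", "equals"}


def mnemonic_password(phrase, use_symbols=True, mix_case=False):
    """Reduce a memorable phrase to a password using the steps in the comment."""
    parts = []
    for word in phrase.split():
        key = word.strip(".,;:!?\"'").lower()
        if not key:
            continue
        if key in NUMBER_WORDS:            # "Four" -> "4"
            parts.append(NUMBER_WORDS[key])
        elif key.isdigit():                # digits such as "87" are kept whole
            parts.append(key)
        elif use_symbols and key in SYMBOL_WORDS:   # "and" -> "&"
            parts.append(SYMBOL_WORDS[key])
        elif mix_case and key not in MINOR_WORDS:   # "major" word -> capital
            parts.append(key[0].upper())
        else:                              # otherwise keep the first letter
            parts.append(key[0])
    return "".join(parts)


def check_first_tip(password):
    """Article's first tip: 8+ characters mixing numbers, upper and lowercase."""
    return {
        "length": len(password) >= 8,
        "number": any(c.isdigit() for c in password),
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
    }


if __name__ == "__main__":
    phrase = "Four score and seven years ago equals 87"
    for opts in ({"use_symbols": True}, {"use_symbols": False, "mix_case": True}):
        pw = mnemonic_password(phrase, **opts)
        failed = [k for k, ok in check_first_tip(pw).items() if not ok]
        print(pw, "meets the tip" if not failed else f"fails: {failed}")
    # A short phrase shows the failure mode: too few words, too short a password.
    short = mnemonic_password("To be or not to be")
    print(short, check_first_tip(short))
```

Run against the comment's phrase, the symbol variant `4s&7ya=87` has no uppercase letter and so misses the article's mixed-case tip, while `4Sa7YAe87` passes all four checks.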
June 25th, 2009 at 9:48 am
And don’t write your password on the bottom of your keyboard.
June 29th, 2009 at 6:48 pm
I found my password posted on the cubicle wall of a departing co-worker.