In another installment of keeping identities safe, this week we review some of the best practices for safe password selection and management. Surprisingly, even in today’s security-conscious environment, the word “password” and the sequence “123456” remain some of the most common passwords! That makes for funny movie moments (Spaceballs is one of my favorites), but could lead to heartache in the real world.
Here are some basic guidelines to take into account when selecting a password. Different services may have different requirements, but we always recommend choosing a unique password that is as strong as possible, whether it is for a social media account, e-mail address, or network login.
DO
- Select passwords that include a combination of upper and lowercase alphabetic characters, symbols, and numbers.
- Rotate your passwords regularly. Ideally, change passwords every sixty days, but even rotating them every six months will put you way ahead of most others.
- Develop a difficult-to-guess but easy-to-remember password that incorporates memory devices.
DO NOT
- Use all or part of your name in your password.
- Use a password of all numbers or a single, repeated letter.
- Use a word contained in any dictionary.
- Use a password with a length under six characters.
- Reuse or recycle passwords.
One of the best defenses against password attacks is to select an appropriate length. If an attacker is working to gain access and the dictionary attack method (where words from a dictionary are automatically attempted) has failed, a brute force attack will likely be the next step. Brute force attacks involve cycling through all possible password combinations until the correct one is found. For this reason, the longer the password, the longer it will take a cracking algorithm to successfully guess it.
But even if we follow all the recommended guidelines and best practices (i.e. selecting an unpredictable password with a length greater than 6 characters and a combination of upper and lowercase letters, numbers, and symbols), we are still missing one requirement: a password should be easy to remember.
Writing down your password is highly discouraged, and something like “H$%^j1@” is not going to be easily remembered. One solution to this issue might be to turn a sentence into a password, also called a “pass phrase”. For example, if your favorite song is “Glory Days”, the password might be “G10reD@z”. It’s certainly a complex password, and it is one that can be remembered.
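The DO NOT list and the brute force reasoning above can be turned into a quick check. The following Python sketch is an added example, not part of the original article; the sample word list, the name “Pat Example” and the rate of one billion guesses per second are assumptions made for illustration.

```python
import string

# Constructed sample word list; a real check would use a full dictionary
# or a list of known breached passwords.
SAMPLE_DICTIONARY = {"password", "glory", "days", "dragon", "monkey"}

def violations(password, full_name, dictionary=SAMPLE_DICTIONARY):
    """Return the DO NOT rules from the list above that the password breaks."""
    found = []
    lowered = password.lower()
    # All or part of your name (name parts shorter than 3 letters are ignored).
    if any(len(p) >= 3 and p in lowered for p in full_name.lower().split()):
        found.append("contains part of name")
    if password.isdigit():
        found.append("all numbers")
    if password and len(set(password)) == 1:
        found.append("single repeated character")
    if lowered in dictionary:
        found.append("dictionary word")
    if len(password) < 6:
        found.append("under six characters")
    return found

def alphabet_size(password):
    """Size of the character pool a brute force search must cover."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(pool) for pool in pools
               if any(ch in pool for ch in password))

def keyspace(password):
    """Number of candidates of this length over the password's alphabet."""
    return alphabet_size(password) ** len(password)

def worst_case_days(password, guesses_per_second=1e9):
    """Days needed to try every candidate at an assumed guess rate."""
    return keyspace(password) / guesses_per_second / 86400

if __name__ == "__main__":
    # "Pat Example" is a constructed account holder name.
    for pw in ("123456", "password", "G10reD@z"):
        print(pw, violations(pw, "Pat Example"),
              f"{keyspace(pw):.2e} candidates,",
              f"{worst_case_days(pw):.4f} days worst case")
```

The keyspace figure only describes an exhaustive search; a password that appears in a dictionary or breach list falls to the dictionary attack long before length matters.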
Data security isn’t just something we focus on once a year – it’s something that we need to keep in mind every day.
For more tips and best practices, please visit www.hvshred.com