Good Password Tips and Password Management

by Bruce Brown | 5 Comments

These days a single computer user may have dozens of passwords. If you use computers at your job you may need to access secured databases, local workstations and numerous accounts online and each is supposed to have its own unique password. Though many people don't require a logon for their home PC, they will definitely have one for email or websites that they manage. Here is a guide to assist you in strengthening your passwords and password techniques.

After reading this article you will know the following:
-How to make good passwords
-Good password practices
-Techniques to manage all of your passwords

How to Make Good Passwords

Choose a password with the following criteria:
-At least 8 characters in length
-At least 1 number
-At least 1 special character
-Upper and lowercase.

Passwords with difficult combinations make it harder for tools like L0phtcrack, Brutus, John the Ripper, Cain and Able and other password crackers to decipher your password.

When creating a password, don't use personal information such as birthdays, children names, or first and last names. Avoid using words or phrases that can be easily guess or cracked with a “dictionary attack.” Do not use the same password on the different systems. If you work in a classified environment, passwords should be treated at the same level of classification as the systems they protect.

Good password practices

Never share your password with ANYONE including your Administrators, Help Desk personnel or System Administrators. IT professionals at your job or Internet Service Provider (ISP) will not normally ask you for your password. If they do need it then you should give it to them in person and ensure you change it as soon as they are done with their task. A common “Social Engineering” tactic used by malicious hackers consists of calling up unsuspecting users and pretending to be from the computer support staff. Another tactic is to have trusting users email the password or type it into what looks like a legitimate site; this is known as “phishing.”

Be aware of your surrounding when you are typing your password. Watch for “shoulder Surfing” or people watching what you type as you are entering your password. If you use the web to access critical information (such as online banking, or medical information) ensure that the site uses some type of secured method of encryption. You will know this if the site's URL begins with an “https.” SSL and Secure HTTP are sometimes indicated by a tiny lock in a corner of the page. If there is no encryption then it maybe possible for unauthorized users to view and/or capture the data you enter and later access the account using a “sniffer.” A sniffer is a tool that captures all “clear text” or unencrypted data. SSL and Secure HTTP encrypts data so that it looks like gibberish to tools like sniffers.

Techniques to manage all of your passwords

It is best to memorize your passwords however if you have literally scores of passwords from work, home, online business ventures and the bank and you do not have a photographic memory, you may want to write them down and put it in your wallet. This simple and practical task is what author of Beyond Fear, and system security phenomenon, Bruce Schneier, recommends as does Senior Programmer for Security Policy at Microsoft, Jesper Johannson.

Using Password Management applications such as Password Safe, a free Microsoft application for storing passwords, and Password Vault (also free) can help you to effectively manage your passwords.

Another management technique is to allow Windows (and other Operating Systems) to automatically fill in the data. This is great for trusted SECURE environments such as home systems in which you don not need to hide any account information from anyone, but not such a good idea for the work environment. It should also be noted that systems without a high level of Internet security (protected with firewalls, updated patches, NAT enabled, etc) should not use the auto fill features as the passwords are many times stored on the system in clear text making it easy for malicious code such as spyware, trojans and worms to steal your passwords and account information.

The greatest thing you can do to protect your password is to be aware that at every moment someone somewhere would love to access some or all of your accounts. It is not always cyber criminals looking for you banking information, sometimes it is just curious people who happen upon your username & password. It may even be someone you know. Be aware.

 

Other ways to protect your passwords:

.htaccess

PasswordSafe

Online Password Generators:

http://www.winguides.com/security/password.php

http://www.goodpassword.com/

 

 

5 Comments on Good Password Tips and Password Management

  1. erica
    September 25, 2008 at 8:28 pm (11 years ago)

    Updated the link to this page as I am updating my website. This will always be a awesome timeless post as the information in here will always be useful and excellent. I will probabally add a link from Girlgeekette.net too. I always love reading your material! Take care

    Erica (aleeya)

    Reply
  2. Igor
    December 1, 2009 at 4:14 pm (10 years ago)

    Nice post! I'm quite into security and made a website dedicated to password security, at http://passwordadvisor.com

    There's a user guide on how to create and manage secure passwords.

    Cheers!

    Reply
  3. steve
    April 16, 2010 at 8:55 am (9 years ago)

    Since I discovered pixelock.com I have had no password problems at all, simple and effective.

    Cheers
    Steve

    Reply

2Pingbacks & Trackbacks on Good Password Tips and Password Management

  1. […] Visit Rob’s site at http://elamb.org for many great tips and thorough information on security and more. His article on password management can be found at Good Password Tips and Password Management […]

  2. […] Read more about Good Password Tips and Password Management. […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Comment *