Secure Your Information - Passwords

Use a password with mixed-case letters. Do not just capitalise the first letter, but add uppercase letters.

Use a password that contains alphanumeric characters and include punctuation, where supported by the operating system.

Use a password that can be typed quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by looking at your keyboard (also known as "shoulder surfing").

change passwords regularly. The more critical an account to network integrity the more frequently the password should be changed. This change stops someone who has already compromised an account from continued access.

[Mike]

Good advice :!: Im moving this post to the Techy section ;-)

I'd like to add Do not use the same password for everything :!:


Mike...

[Benny]

Quote:

Originally Posted by Mike

Do not use the same password for everything :!:

That's my personal favourite. I use a nifty little tool called Password Safe to help me with it

[Mike]

Quote:

Originally Posted by Benny

Quote:

That's my personal favourite. I use a nifty little tool called Password Safe to help me with it

I remember all of my passwords and they are all unique. I use a simple technique to remember each one

Step1: Pick a string of text, for example 444NJM

Step2: Take the 3rd letter from the URL of the site you are on (disregard the www) Add it to the end of your string. For example 444NJMl

Step3: Count the numbers of letters in the domain name, add it to the end of the string. For example 444NJMl11

Step4: Your password is 444NJMl11

I use something similiar to the above, the beauty of it is that it isnt difficult. And it doesnt matter too much if one of your passwords is comprimised as the others are signifcantly different to keep people guessing.

After you have used this method a few times it becomes second nature to you. You work it out in a second or so :idea:

Yeah I know that Im only doing a simple shift technique, but, its good enough for most people ;-) If somebody really wants your data they normally bypass any authentication mechanism anyway

Mike...

[dazbeattie]

Password Safe.... Cracking little tool.....

I have a much better one.... memory ! I never write passwords down and all of mine are different. I learnt a little trick in memory mapping and I use it.

Similiar to what Mike is doing.

NEVER weite them down in the back of the diary in some code.... You will be well knackered if the diary is lost, and then you have to transfer them over every year !

Common Passwords :

Parents / Partner / Child's middle name
Telephone Number
Registration Numbers
Computer Manufacturers
Something on the desk
Favourite Cartoon Character
Favourite Food
Favourite TV / Movie - (Makes a good one with the Rocky and Police Academy Movies !!)
Favourite Sports Team

Some of the ones that I have found when carrying out some testing with a well known IT magazine.

Daz

[Mike]

Some companies enforce really strong password policies that mean the the user has to create really complex passwords. It can deafeat the object as some of them write it on a Sticky Note and attach it to their monitor

Strong passwords are essential, but really strong ones are sometimes not :!:

Mike...

i see anything thats is constantly around me
for example i have a clock hung on the wall just above my system at home and i have included the time and time zone in my password
once i am back from home i start cooking so thats my second most priortised activity so i have passwords like spoon, kinfe, cutter along with some numbers
funny is it

[dazbeattie]

One thing that a lot of companies are enforcing is two factor authentication, or even three!

Basically 2 fact authentication is made up of 2 of the following :

Something you know
Something you have
Something you are

Most people use a PIN with a number token (RSA do one called SecureID, the 6 digit number changes every 60 secs).

For those who would like to play with this, RSA do a evaluation kit with 2 tokens and the software. It is good to play with and securing your home pc from your kids !!!

I use a combination of the above for my work and for one customer I have to use all three !

I know that the banks are now looking to use this. I believe that Lloyds is going to deploy this.
Daz

[Benny]

Quote:

Originally Posted by Mike

And it doesnt matter too much if one of your passwords is comprimised as the others are signifcantly different to keep people guessing.

It has it's advantages, but two or more compromises and you're done for ;-)

[surkdidat]

Quote:

Originally Posted by Mike

Some companies enforce really strong password policies that mean the the user has to create really complex passwords. It can deafeat the object as some of them write it on a Sticky Note and attach it to their monitor

Strong passwords are essential, but really strong ones are sometimes not :!:

Mike...

I worked as a temp on IT Support a couple of years back and we had great fun when we saw a password on a sticky removing it, then pretending we were doing something else watching the person come back with their coffee, sit down, and start to look everywhere for their password, only to resort to phoning the IT team two miinutes later, us standing behing them and they wonder why we were giving them a stern lecture.

Another good one was logging in (with the IT Managers discretion and presence) change the password, putting back to the log-in screen and wonder why there password does not work!!!!!