As much as we try to understand the importance of password security – whether it’s for a computer login, email account, network device, Wi-Fi or domain access – we don’t seem to meticulously implement it every time we set up or change a password. Password security is a popular topic for IT pros and end-users alike, which has remained a hot “good to know” topic, and not always an “I’ll do it right away” thing.
There’s yet another example of a password leakage debacle which reinstates our necessity to enforce stricter password security measures. During the pre-game coverage for NFL Super Bowl XLVIII, the stadium’s internal Wi-Fi login credentials were displayed on a big screen in their network control center which was revealed in a televised broadcast of video footage which showed the big screen and the password – unencrypted, in full visibility! It could, of course, be called an oversight; but when it comes to protecting IT assets and securing data, this is lack of due diligence on the part of the stadium’s IT security team. And they did not review the footage well enough before the telecast and tried to nip it in the bud.
Talking about password sharing, let’s discuss some best practices to ensure one, you build a strong password which is hard to guess, and two some things to remember about leaving your passwords accessible to the others.
Best Practices to Protect & Strengthen Your Passwords
Password Sharing Doesn’t Make You Noble or Kind: Never share your passwords with anyone unless you are absolutely certain there won’t be regrettable ramifications. You never know whether their system is compromised, whether they leave it written in the open, or they are a gullible social engineering target. Even if you have to share it for some reason, better change it immediately after their use with your login access is fulfilled.
Make Them Long, Make Them Strong: Longer passwords are difficult to guess especially if they are alphanumeric, includes special characters, and has a mixture of lowercase and uppercase characters.
- Have at least 8 characters to make you password. The longer, the stronger.
- Make passwords more complex and difficult to guess.
- You can even use password generating software available online to spin up a strong string for your password
- Do not give your biographical details such as name, date of birth, city in your password as they can also be easily guessed.
- Try to ensure your passwords don’t contain any common words from the dictionary.
Strict No-No for Common/Same Passwords: A hacker has many devious ways such as brute force attacks to get into your system. Having common and same passwords for different sites and purposes is only going to make his life easier.
Not All Computers Are Your Friends: Keystroke logging (aka keyboard capturing) has become a common malware that finds entry into unprotected systems quite easily. You may never know it, but your key stokes could be captured as you type out your passwords. There are various types of keystroke capturing software that could swipe your passwords: hypervisor-based malware, API-based, kernel-based, form grabbing-based, memory injection-based and packet analyzers. Always remember to log out of your personal accounts when you are using someone else’s system.
Beware of the Eye of Sauran: We watchful of your immediate vicinity when you enter your password to a secure system related financial and other personally-identifiable information.
As Much As You Do, Your Passwords Too Need Change: It’s always best to change your password every once in a while, and not use an expired password for at least a year. Whether your system prompts you to or not, do make it a point to periodically change your password.
Don’t Make it to The Hackers’ Hall of Fame
Splashdata, a password management company, has released a list of "25 worst passwords of the year" for 2013 which was compiled using data that hackers have posted online (believed to be stolen passwords).
Top 10 Password Preferences: The Weak & Common Themes
Google has released a list of password selection themes that were most popular based on a study consisting of 2,000 people to understand the procedures used to create passwords. Here are 10 most common and easy-to-break-in ones.
1) Pet’s name
6) Place of birth
2) Significant dates (like a wedding anniversary)
7) Favorite holiday
3) Date of birth of close relation
8) Something related to favorite football team
4) Child’s name
9) Current partner’s name
5) Other family member’s name
10) The word "password"
Yes, I agree periodic password change is a grind. To top that, you have to remember what you used earlier to not repeat it again. But it’s all worth the effort to manage and secure passwords, than to face the consequences of account breach, data theft and all the other fallouts. And, do ensure to protect your password and save it from those prying hacker eyes!