AntiOnline Security Spotlight: Ironclad Passwords
More often than not, a weak user password is the only thing standing in the way between an intruder and your company's valuable data. Lay the foundation for a strong password policy with this week's spotlight AO discussion.
Never mind fancy IDS hardware, impenetrable firewalls and anti-virus software that relentlessly zap bugs. A savvy intruder can sidestep all of these security measures by simply logging in with a perfectly legitimate user/password combo.
To this day, weak passwords are the bane of security administrators. Many simply find it hard to compel users to adopt a policy of tough-to-crack passwords. Even when forced to do so, users will typically write the password on a sticky note and post it for all to see, or better yet, hide it under the keyboard. The old key-under-the-doormat trick!
It is important to instill in every computer user the importance of strong passwords. Passwords based on the names of loved ones, pets, and favorite sports teams are far too easy to guess. Birth dates, anniversaries and ID numbers are also a bad idea.
Passwords, as a rule, should be fairly lengthy and seemingly random in their composition. This means they should be comprised of a healthy mix of upper and lowercase characters, along with numbers and even special characters, if allowed.
Also, stay unpredictable! If you have a system for generating your passwords, then cracking just one can throw open the doors to countless other accounts.
For more tips, be sure to visit this week's spotlight thread.
Note: The opinions expressed below are solely those of the individual posters on the AntiOnline forums.
Direct link to this week's spotlight thread:
The author of this week's AO spotlight, mark_boyle2002, reminds us of why we should exercise caution when dealing with passwords.
You would not dream of securing the front door of your home with a paperclip and some string and yet many people opt to use weak passwords on their computers.Think your methods of generating passwords are clever? Here's one more reason for making it tougher for intruders.
One of the main key areas to computer security is selecting a good strong password that will be difficult to guess or obtain.
An important note here is the "obtain" part. It is surprising how many people will give others their password. Never do this.
...Another method commonly employed by hackers is brute force. This involves trying every possible combination of words and numbers. An average 2.4 GHz processor can try 300,000 passwords a second under normal circumstances.And when in public, it's always best to simply watch your back!
Note: It is important to select a long password and include uppercase, lowercase, numbers and symbols where available.
The WatcherRead the rest of this thread and chime in with tips of your own by following this link.
Another method that a cracker after a particular person's password can employ is to watch them type it in.
Note: Make sure your password is something you can remember and type quickly to avoid it being seen by someone looking over your shoulder in an Internet cafi or at work.
What is AntiOnline?
AntiOnline (AO) is home to many of the most popular network security discussion forums online. Here, participants engage in candid, thought-provoking and enlightening exchanges on security hazards and how to protect your systems against them.
We invite you to join the AO community (it's free!), share your wisdom and learn a few things in the process. Stay tuned as Enterprise IT Planet spotlights the eye-opening discussions and expert participants that have helped make AO the "go to" online resource for network security.