Triware Networld Systems 

The Key To Success - Password & You

Passwords are quite literally the key to your success these days, or at least the key to protecting it.  They protect the fortunes you own (bank, credit card and investment accounts) and the deepest secrets you do not want to share with just anyone (your medical records, your prescription list); they also protect your career, the assets of your organization and sometimes the future of your organization.  They protect some of your privacy and the privacy of your organization's customers.

As the Internet becomes more popular and business applications in private and public organizations increasingly use it as a platform to deliver services, user IDs and passwords are becoming more and more critical.  So what are some of the risks if our passwords get compromised?

The following are some of the risks when one’s ID and password are compromised:

- Financial – personal or organizational
- Data – personal, customer or organizational
- Information or trade secret – personal or organizational
- Reputation – personal or organizational
- Legal liability – organizational
- Regulatory violation – organizational
- Identity – personal

So how do we protect the passwords that protect our hard-earned assets and invaluable information?

The very first step in protecting your passwords is to establish a password policy.  A sound password policy should take the following into consideration:

- Enforce password history – how often a password may be re-used, if ever.
- Maximum password age – how often a password must be changed.
- Minimum password age – prevents repeated password changes made to work around Enforce password history.
- Minimum password length – set a minimum password length; if you do nothing else to protect your password, at least make it longer.
- Passwords must meet complexity requirements – include upper and lower case letters, special characters and numbers in your password.
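
The five settings above can be enforced in one check at password-change time. The following is an added example, not code from the original article; the numeric policy values, the function names and the choice of PBKDF2 for the history store are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

# Assumed policy values; the article names the settings but not the numbers.
POLICY = {
    "history": 5,                    # previous passwords remembered
    "max_age": timedelta(days=90),   # password must be changed after this
    "min_age": timedelta(days=1),    # earliest allowed next change
    "min_length": 12,
}

def hash_password(password, salt=None):
    """Salted PBKDF2 hash, so the history never holds plaintext passwords."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def is_expired(last_changed, now):
    """Maximum password age: True once a change is required."""
    return now - last_changed > POLICY["max_age"]

def check_change(new_password, history, last_changed, now):
    """Return the policy settings a proposed password change violates."""
    problems = []
    # Minimum age stops a user cycling through changes to flush the history.
    if now - last_changed < POLICY["min_age"]:
        problems.append("minimum age")
    if len(new_password) < POLICY["min_length"]:
        problems.append("minimum length")
    # Complexity: upper, lower, digit and special (a space counts as special).
    classes = [string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation + " "]
    if not all(any(c in cls for c in new_password) for cls in classes):
        problems.append("complexity")
    # History: re-hash the candidate with each remembered salt and compare.
    for salt, digest in history[-POLICY["history"]:]:
        if hmac.compare_digest(hash_password(new_password, salt)[1], digest):
            problems.append("history")
            break
    return problems
```
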

A weak password can be broken in a matter of minutes or, at worst, hours.  What is considered a weak password?

Below are some Dos & Don’ts.

Dos:

- Do combine upper and lower case letters, words and special characters.
- Do try to combine multiple words in your password.
- Do try to create meaning in your password using certain patterns so that there is less chance that you will need to write down the password in order to remember it.
- Do make your password as long as you can.  It is the best way to prevent a brute-force attack.
- Do use the above techniques with foreign word(s).

Some strong password examples:

  1. !p@s5W0rd! – based on “Password”

  2. !0p3n!th3!D00r! – based on “Open The Door”

  3. $trI$m3Ag@1n$ – based on “Try Me Again”

  4. !th3$gr3@t;Wa11:0f Ch1n@ – based on “The Great Wall of China”. If you noticed the space between 0f and Ch1n@, you are right! Certain operating systems allow a space as part of the password, and yes, Windows does; try it!

  5. 1Lv3(dim(SuM))! – based on “I Love Dim Sum!”

Well, some of what you see here are technically not passwords.  They are pass phrases.  Yes, pass phrases.  The only password in the above is !p@s5W0rd!.  A pass phrase usually has more than one word in it and oftentimes some spaces.

Don’ts:

- Do not use any of the examples above – grin.
- Do not use any names, especially those of the ones close to you, including your pets.
- Do not use any words in any language, especially English, including words spelled backward, without using some of the Dos techniques above to camouflage them.
- Do not use any street number, phone number or birthday.
- Do not use any license numbers, especially vehicles’.
- Do not use well-known passwords – P@ssw0rd.
- Do not use any combinations of the above.
- Do not write down your passwords, even if the written passwords are encrypted – this is the hardest one to achieve if one employs all the good practices of a sound password policy.
- Do not share your most important passwords with anyone, regardless of the reasons.

Well, these all sound pretty cumbersome and problematic.  They can be, but consider what you and your organization have to lose.  If I had my way, we would all be using biometric authentication by now.  Even then, with biometrics, I would still use ID and password as part of the authentication process – a topic for another day.

The goal, to me, is to make password or pass phrase cracking difficult.  Earlier you may have thought: so isn’t a pass phrase simply a long password, maybe with spaces in it?  Maybe; there is nothing wrong with thinking of it that way.  But there is a reason why a long password or pass phrase is good and necessary.

Most password or pass phrase hacks use cracking – repeatedly and systematically trying to break into the account using certain attack techniques.  This is as opposed to password or pass phrase guessing, which takes incredible luck or a weak password or pass phrase to work.  Password or pass phrase cracking, for the most part, takes time.  Given time, all passwords and pass phrases in the world can be cracked; the whole point of having a long password or pass phrase is to make the cracking difficult, not impossible.  That is one of the reasons why we should change passwords from time to time and lock the account out when there are too many bad log-in attempts.
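
The effect of length and of account lockout on exhaustive search can be put into numbers. The following is an added example, not part of the original article; the guess rate, the lockout threshold and window, and the sample passwords are constructed assumptions, and only exhaustive search is modelled, not dictionary-based guessing.

```python
import string

# Assumed rates for illustration; real rates depend on the hash and hardware.
OFFLINE_PER_DAY = 10**9 * 86400      # guesses per day against a stolen hash
LOCKOUT_THRESHOLD = 5                # bad log-in attempts allowed ...
LOCKOUT_WINDOW_SEC = 30 * 60         # ... before a 30-minute lockout
ONLINE_PER_DAY = LOCKOUT_THRESHOLD * (86400 // LOCKOUT_WINDOW_SEC)

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

def alphabet_size(password):
    """Size of the character pool an exhaustive search has to cover."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def keyspace(password):
    """Candidates of the same length drawn from the same character pool."""
    return alphabet_size(password) ** len(password)

def days_to_exhaust(password, guesses_per_day):
    """Worst-case whole days to try every candidate at the given rate."""
    return keyspace(password) // guesses_per_day

def growth_from_extra_chars(password, extra):
    """Factor by which the search grows when `extra` characters are added."""
    return alphabet_size(password) ** extra
```

With these assumed numbers, the constructed 8-character password "Xk#9mQ2$" is exhausted offline in 76 days, each added character multiplies that by 95, and lockout cuts an online attacker to 240 guesses per day.
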

By Benson Yeung, Senior Partner

© Copyrights Triware Networld Systems, L.L.C. ® 1991-2008