What makes a password unsafe?
Is the password a dictionary word (ex. monkey, superman, dragon, password, etc.)? Is the password something common (ex. abc123, 123456, iloveyou, etc.)? Typically employing automated scripts, hackers frequently use dictionary and ‘common password’ lists to probe systems. Over even longer periods of time they may use randomizers.
What constitutes a good password?
A good password is at least 8 characters long, and has (3) or more character types. In addition to lowercase characters, we can also employ these other character types:
-Characters (ex. $ @ ! *)
This is an example of a good 8 character password: z#Nk!919
To make it a great password instead of simply a good one; bump up the total character count to 14.
Avoid using the same password on multiple websites, vendors, credit cards, etc.. You wouldn’t want a data breach at Twitter to give hackers the credentials to your credit cards.
Revisit credentials related to finance and sensitive systems, making them longer and more complex.
Using a System for Credential Management
In decades past, we had little choice but to store passwords in lists or in our e-mail systems, etc.. Both of these methods could be too easily compromised. Recently, many free (personal) and low cost (commercial) applications have been designed to help users and companies solve the problem of credential management. Credential managers make it easier to ensure that passwords never get lost, that they are complex enough, and also allow sharing among defined groups.
Free programs (ex. LastPass Personal) can save and generate complex passwords for you, allowing you to remember one password which grants access to all others when required. Larger teams may have need for cross system synchronization in addition to defined access; which is available from other software vendors.
At AVAREN we use a credential manager designed for commercial use, and are interested in rolling it out to clients as well. Should you have interest in testing a credential manager within your business, please let us know to get it set up for you.