COMPLIANCE COUNSELOR
Guidelines for creating secure passwords
SUJEET BAMBAWALE
10.17.2001
Rating: -2.87- (out of 5)
This tip was submitted to the searchSecurity Tip Exchange by user Sujeet Bambawale. Let other users know how useful it is by rating the tip below.
Security awareness at the end-user level is very important to personal as well as corporate computing, and secure passwords are among the stepping stones towards a secure computing environment.
There has been some interesting reference material here regarding secure passwords, and these are some thoughts and comments that I would like to add into the mix.
In my opinion, secure passwords are those that meet the following criteria:
Alphanumeric
Can be typed in the dark (without looking at the keyboard)
Are not necessarily the conversions of an alphabetic sequence
Passwords that need to be converted using some specific key, however easy-to-remember it may be, require some sort of mental calculation. Passwords that can be touch-typed (typed in the dark, or typed without looking at the keyboard -- just by aligning and using your fingers in a certain way on the keyboard) are far better because one doesn't need to write them down anywhere.
The downside of converting easy-to-remember alphabetical or alphanumeric strings into "Passwordese," is that the seed string is still easy to remember for the user and easy to figure out for the attacker. Extending that ease-of-use concept, the key is also usually easy to figure out, and therefore the password generated is usually not as secure as the user may believe it to be.
Here are a few personal details that are easy for most attackers to find out, and thereby apply to attempting password break-ins:
Birthdate
Vehicle's license plate number
Cube or office number
Phone extension number
Wedding anniversary
Significant other, spouse and/or kids' names and/or birthdates
Your middle name
Residence numeral within your address
Firm's stock symbol
Brand of vehicle
Combinations and permutations of the above can have some pretty interesting alphanumeric sequences that seem secure, but can be quite easily figured out. These include:
Your first initial, your spouse's first initial, wedding anniversary
Your initials, phone extension
Cube or office number, your initials, phone extension
Your middle name, your birthdate
Brand of vehicle, your license plate number and year of purchase'
Firm's stock symbol, cube number, phone extension
As you can imagine, the complexity of the combinations can increase to "reasonably secure," but all the same, the set of most known values is still fairly insecure.
In conclusion, a touch-typed alphanumeric sequence on a keyboard may be sufficiently random so as to throw a wrench into the guessing game, and be a reasonably secure first level of security.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
