This tip was submitted to the searchSecurity Tip Exchange by user Sujeet Bambawale. Let other users know how useful it is by rating the tip below. Security awareness at the end-user level is very important to personal as well as corporate computing, and secure passwords are among the stepping stones towards a secure computing environment. There has been some interesting reference material here regarding secure passwords, and these are some thoughts and comments that I would like to add into the mix. In my opinion, secure passwords are those that meet the following criteria:
- not as secure as the user may believe it to be.
Here are a few personal details that are easy for most attackers to find out, and thereby apply to attempting password break-ins:
- Vehicle's license plate number
- Cube or office number
- Phone extension number
- Wedding anniversary
- Significant other, spouse and/or kids' names and/or birthdates
- Your middle name
- Residence numeral within your address
- Firm's stock symbol
- Brand of vehicle
Combinations and permutations of the above can have some pretty interesting alphanumeric sequences that seem secure, but can be quite easily figured out. These include:
- Your first initial, your spouse's first initial, wedding anniversary
- Your initials, phone extension
- Cube or office number, your initials, phone extension
- Your middle name, your birthdate
- Brand of vehicle, your license plate number and year of purchase'
- Firm's stock symbol, cube number, phone extension
As you can imagine, the complexity of the combinations can increase to "reasonably secure," but all the same, the set of most known values is still fairly insecure.
In conclusion, a touch-typed alphanumeric sequence on a keyboard may be sufficiently random so as to throw a wrench into the guessing game, and be a reasonably secure first level of security.
This was first published in October 2001