Monday, September 19, 2005

Good Password Tips and Password Management


These days a single computer user may have dozens of passwords.
If you use computers at your job you may need to access secured
databases, local workstations and numerous accounts online and
each is supposed to have its own unique password. Though many
people don't require a logon for their home PC, they will
definitely have one for email or websites that they manage. Here
is a guide to assist you in strengthening your passwords and
password techniques.

After reading this article you will know the following:
-How to make good passwords
-Good password practices
-Techniques to manage all of your passwords


How to Make Good Passwords

Choose a password with the following criteria:
-At least 8 characters in length
-At least 1 number
-At least 1 special character
-Upper and lowercase.

Passwords with difficult combinations make it harder for tools
like L0phtcrack, Brutus, John the Ripper, Cain and Abel and other
password crackers to decipher your password.

When creating a password, don't use personal information such as
birthdays, children's names, or first and last names. Avoid using
words or phrases that can be easily guessed or cracked with a
"dictionary attack." Do not use the same password on different
systems. If you work in a classified environment, passwords
should be treated at the same level of classification as the
systems they protect.
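
The criteria above can be checked mechanically. The following
Python function is an added example, not part of the original
article; the function name, the tiny constructed wordlist and the
character-substitution table are assumptions made for
illustration.

```python
import string

# Constructed sample wordlist; a real check would load a large dictionary file.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "qwerty"}

# Undo common character swaps, which cracking tools also try (assumed table).
UNLEET = str.maketrans("@4031$5!7", "aaoelssit")


def check_password(password, personal=(), words=SAMPLE_WORDS):
    """Return the list of the article's criteria that the password fails."""
    failures = []
    if len(password) < 8:
        failures.append("length")
    if not any(c.isdigit() for c in password):
        failures.append("number")
    if not any(c in string.punctuation for c in password):
        failures.append("special")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        failures.append("mixed case")

    lowered = password.lower()
    # Test both the password as typed and its de-substituted form,
    # so "P@ssw0rd!" is still recognised as "password".
    candidates = {lowered, lowered.translate(UNLEET)}

    if any(w in s for s in candidates for w in words):
        failures.append("dictionary word")
    if any(p.lower() in s for s in candidates
           for p in personal if len(p) >= 3):
        failures.append("personal information")
    return failures


if __name__ == "__main__":
    # Constructed sample passwords and personal details.
    for pw, info in [("P@ssw0rd!", ()),
                     ("Emma1975!", ("Emma", "1975")),
                     ("gT7#vLq2*Rz", ("Emma", "1975"))]:
        print(pw, "->", check_password(pw, personal=info) or "passes")
```

The first two sample passwords satisfy all four composition
rules yet still fail, which is why the dictionary and personal
information advice matters as much as the character rules.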


Good password practices

Never share your password with ANYONE including your
Administrators, Help Desk personnel or System Administrators. IT
professionals at your job or Internet Service Provider (ISP) will
not normally ask you for your password. If they do need it then
you should give it to them in person and ensure you change it as
soon as they are done with their task. A common "Social
Engineering" tactic used by malicious hackers consists of calling
up unsuspecting users and pretending to be from the computer
support staff. Another tactic is to have trusting users email
the password or type it into what looks like a legitimate site;
this is known as "phishing."

Be aware of your surroundings when you are typing your password.
Watch for "shoulder surfing," or people watching what you type as
you are entering your password. If you use the web to access
critical information (such as online banking, or medical
information) ensure that the site uses some type of secured
method of encryption. You will know this if the site's URL
begins with "https." SSL and Secure HTTP are sometimes
indicated by a tiny lock in a corner of the page. If there is no
encryption then it may be possible for unauthorized users to view
and/or capture the data you enter using a "sniffer" and later
access the account. A sniffer is a tool that captures all "clear
text" or unencrypted data. SSL and Secure HTTP encrypt data so
that it looks like gibberish to tools like sniffers.


Techniques to manage all of your passwords

It is best to memorize your passwords; however, if you have
literally scores of passwords from work, home, online business
ventures and the bank and you do not have a photographic memory,
you may want to write them down and put them in your wallet. This
simple and practical task is what the author of Beyond Fear and
system security phenomenon, Bruce Schneier, recommends, as does
the Senior Programmer for Security Policy at Microsoft, Jesper
Johansson.

Using Password Management applications such as Password Safe, a
free Microsoft application for storing passwords, and Password
Vault (also free) can help you to effectively manage your
passwords.

Another management technique is to allow Windows (and other
Operating Systems) to automatically fill in the data. This is
great for trusted SECURE environments such as home systems in
which you do not need to hide any account information from
anyone, but not such a good idea for the work environment. It
should also be noted that systems without a high level of
Internet security (protected with firewalls, updated patches, NAT
enabled, etc.) should not use the auto fill features, as the
passwords are often stored on the system in clear text,
making it easy for malicious code such as spyware, trojans and
worms to steal your passwords and account information.

The greatest thing you can do to protect your password is to be
aware that at every moment someone somewhere would love to access
some or all of your accounts. It is not always cyber criminals
looking for your banking information; sometimes it is just
curious people who happen upon your username & password. It may
even be someone you know. Be aware.

Author
George Whitecraft
