
Be Paranoid About Password Policies

Tip #1 Be Paranoid About Password Policies

Every website, computer user and business must develop and enforce strong password policies. Proper password procedures may not alleviate your paranoia, but they will help you sleep at night.

Use totally random passwords.

Let's face it, many people use low-tech, easy to remember and easy to guess passwords. Some of the most common are the last 4 digits of their social security number, the month and date of their birth (which is often the same as their bank card PIN), the name of their favorite pet, a spouse's name or some other memorable, and thus dangerous, combination of numbers and/or letters.

In Michael Scalisi's article "The Art of Creating Strong Passwords" he suggests using stronger passwords; unfortunately, he offers common interchange or conversion patterns ("o instead of 0, 4 instead of A, 1 instead of L, E instead of 3") to create memorable passwords. The problem this presents is obvious: common substitution patterns are just as easy to decipher as the words they disguise, and password-cracking tools try them by default.

A few years ago we consulted with a company that hired a third party to install new Cisco routers and firewalls. The third-party consultant was asked to provide VPN credentials to all ten employees who would be accessing the company network from the outside. The consultant used employee names, substituted numbers and letters, and added a special character as the first character. So Robert became #R0b3rt, David became #D@v1d, Samuel became !S@mv3l and Jennifer became !J3nn1ff3r. Oddly, the names of these 10 employees were also listed on the company's website. Not good!

Your password policy should require completely random passwords of varied length. Each password should contain upper and lowercase letters, numbers and special characters, and it should be generated by a random password tool rather than composed by hand.

There are several excellent random password creators such as Secure Password Generator and others.
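As an added example (not from the article or any tool it names), the following Python script applies the policy above: it generates passwords of random length from a cryptographic random source with every character class guaranteed, and it flags passwords that are merely a name with common substitutions, like the #R0b3rt and #D@v1d credentials described earlier. The substitution table, the 0.8 similarity threshold and the 12-character minimum are assumptions chosen for this example, not figures from the article.

```python
import difflib
import secrets
import string

MIN_LEN = 12  # assumed policy minimum for this example
# Character classes the policy requires in every password.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
# Common substitutions mapped back to the letter they stand for
# (constructed table; "1" is ambiguous between i and l, we pick i).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def looks_derived_from(password: str, word: str) -> bool:
    """True if the password is essentially `word` (e.g. an employee name)
    with leetspeak substitutions and special characters tacked on the ends."""
    core = password.strip(string.punctuation)       # drop a leading "#" or "!"
    normalized = core.translate(LEET).lower()       # undo 0->o, 3->e, @->a ...
    if word.lower() in normalized:                  # e.g. "Robert2018"
        return True
    ratio = difflib.SequenceMatcher(None, normalized, word.lower()).ratio()
    return ratio >= 0.8                             # assumed threshold


def meets_policy(password: str, forbidden_words=()) -> bool:
    """Length, all four character classes, and not derived from any
    forbidden word (user names, company name, etc.)."""
    return (len(password) >= MIN_LEN
            and all(any(c in cls for c in password) for cls in CLASSES)
            and not any(looks_derived_from(password, w) for w in forbidden_words))


def generate_password(min_len: int = 16, max_len: int = 24) -> str:
    """Random password of random length using the OS CSPRNG (secrets),
    with at least one character from each required class."""
    length = min_len + secrets.randbelow(max_len - min_len + 1)
    chars = [secrets.choice(cls) for cls in CLASSES]   # one per class, guaranteed
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)   # so the guaranteed chars are not always first
    return "".join(chars)


if __name__ == "__main__":
    for pw, name in (("#R0b3rt", "Robert"), ("#D@v1d", "David"), ("!S@mv3l", "Samuel")):
        print(pw, "derived from", name, "->", looks_derived_from(pw, name))
    print("generated:", generate_password())
```

Run the script against your user list before credentials are issued; anything that trips looks_derived_from should be rejected and regenerated.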

Tip #2 Be Paranoid About User Input