Passwords are Always the Weakest Links

December 10, 2015 | Views: 2837

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Passwords are victims of neglect and the weakest links in the IT landscape

 

Security savvy starts here

Carefully creating and handling passwords is the perfect place to become a more savvy Security Pro. It seems reasonable that by the time someone launches their security career, they’d be practicing safe password usage and deployment. Yet, many still let this critical item slip by in daily application.

A casual wink and nudge-nudge is given to this tool, which could make a difference between secure and vulnerable. Absent, bad or lax password policies create holes in the security barrier. As as a result, we often unwittingly place our own, our firms or our employers’ information at great risk.

Today, I encourage you to commit to getting back to the basics. Start a proper routine for increasing password complexity, frequency of change and regular policy updates that govern deployment strategies. When it comes to appliance, infrastructure and network security, best practices are the order of the day.

REMEMBER: You can never lay it on too thick or do too much when it comes to security measures.

 

Use good form

The following considerations go a long way to secure intellectual property and hardware. Observe these considerations – ANY OR ALL – and you could avoid the pain or shame of data loss and build your reputation as a conscientious IT professional:

  • Always install a password, or update the existing one, wherever and whenever possible.
  • Never share your passwords with anyone.
  • Make your passwords more complex and use words or phrases.
  • Use combinations of: Upper-case letters, Lower-case letters, Numbers and Special Characters when available. (NOTE: Not all forms allow special characters.)

 

Complexity is good

To make passwords more complex, I usually play with a malaprop, or use malapropism, (also known as a “Dogberryism”) to create a paronym. I come up with silly, but entertaining words and phrases that maintain a depth of complexity, yet also are easy enough to remember.

Some examples include:

  • “I” can be used for “eye” or vice versa
  • “4” or “four” could stand in place of “for”
  • “1” or “one” or “won”

A completed example is: “eyeamAgreatIT4ABCcorp!” I select password phrases using a standard password best practice rule of thumb, which states, “create your passwords from things I am, things I have or things I do.”

Eventually, as you encounter a growing responsibility for accounts and programs, you may try a password manager program. When select a good one for your needs, you can usually acquire a pro or paid version for a reasonable fee. Password management programs work well, are secure and are easy to deploy.

 

Stay the course

Good password habits might not necessarily build an impenetrable barrier around everything you do, but they’ll help shore up the front line.

A final note of encouragement: Don’t let other staff be lazy or put off your resolutions to enforce new password approaches and policies. The resistance you might face may last a short while or a long while, but you’ll shine like a champion when things settle down.

Push for changes and better policies because it’s your responsibility to drive needed security practices within your organization. As you adopt these suggestions and build your practices, you’ll create more confidence in those who depend on you as their Security Professional.

 

Paul George – IT Specialist



More awesome content…

The Real Science Behind Cracking Passwords

3 Simple Methods for Complex Passwords

Shatter this Myth: Passwords Keep Your Data Totally Safe

 

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
8 Comments
  1. I would like either a review or a view on using password manager. They do ensure a secure environment and a seamless way to manage and enter your passwords, but are they really worth it?

  2. Another one, and one I use, is Dashlane Password Manager. I love it.

  3. great newsletter , but the big problem is here ?
    where i save the passwords spacially with all this huge amount of sites and blogger

    • @ENGOSMAN Let me try to put this in some perspective…
      Think about this: 1GB = 1024 mb = 1048576 kb = 1073741824 Characters
      ASCII characters in 8-bit ASCII encoding use 8 bits (1 byte), but can fit a 7 bit payload. Also ISO-8895-1 characters of ISO-8859-1 encoding are 8 bits (1 byte). A Unicode character made up of UTF-8 encoding count between 8 bits (1 byte) and 32 bits (4 bytes).
      If you were to create your passwords with 11 characters, you could make 97,612,893.09090909 passwords. Almost 98 million passwords not enough? Then purchase a 2 GB Thumbdrive. I am certain storage wouldn’t be a problem. BTW free Online storage with Dropbox starts at 2GB. And just by referring friends you can earn up to 16GB of storage. Onedrive offers 5GB of free storage and Google gives away 15GB of free storage.

    • I think his question is really about how to deal with all the different passwords. It was lightly touched on in the article but the best way is to user a password manager. Some of the more popular ones are keepass and lastpass.

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel