[caption id="attachment_56334" align="aligncenter" width="1024"]
Passwords are victims of neglect and the weakest links in the IT landscape[/caption] Security savvy starts here
Carefully creating and handling passwords is the perfect place to become a more savvy Security Pro. It seems reasonable that by the time someone launches their security career, they'd be practicing safe password usage and deployment. Yet, many still let this critical item slip by in daily application.A casual wink and nudge-nudge is given to this tool, which could make a difference between secure and vulnerable. Absent, bad or lax password policies create holes in the security barrier. As as a result, we often unwittingly place our own, our firms or our employers' information at great risk.Today, I encourage you to commit to getting back to the basics. Start a proper routine for increasing password complexity, frequency of change and regular policy updates that govern deployment strategies. When it comes to appliance, infrastructure and network security, best practices are the order of the day.REMEMBER: You can never lay it on too thick or do too much when it comes to security measures. Use good form
The following considerations go a long way to secure intellectual property and hardware. Observe these considerations - ANY OR ALL - and you could avoid the pain or shame of data loss and build your reputation as a conscientious IT professional:
Complexity is good
- Always install a password, or update the existing one, wherever and whenever possible.
- Never share your passwords with anyone.
- Make your passwords more complex and use words or phrases.
- Use combinations of: Upper-case letters, Lower-case letters, Numbers and Special Characters when available. (NOTE: Not all forms allow special characters.)
To make passwords more complex, I usually play with a malaprop, or use malapropism, (also known as a "Dogberryism") to create a paronym. I come up with silly, but entertaining words and phrases that maintain a depth of complexity, yet also are easy enough to remember.Some examples include:
- "I" can be used for "eye" or vice versa
- "4" or "four" could stand in place of "for"
- "1" or "one" or "won"
A completed example is: "eyeamAgreatIT4ABCcorp!" I select password phrases using a standard password best practice rule of thumb, which states, "create your passwords from things I am, things I have or things I do."Eventually, as you encounter a growing responsibility for accounts and programs, you may try a password manager program. When select a good one for your needs, you can usually acquire a pro or paid version for a reasonable fee. Password management programs work well, are secure and are easy to deploy. Stay the course
Good password habits might not necessarily build an impenetrable barrier around everything you do, but they'll help shore up the front line.A final note of encouragement: Don't let other staff be lazy or put off your resolutions to enforce new password approaches and policies. The resistance you might face may last a short while or a long while, but you'll shine like a champion when things settle down.Push for changes and better policies because it's your responsibility to drive needed security practices within your organization. As you adopt these suggestions and build your practices, you'll create more confidence in those who depend on you as their Security Professional. Paul George - IT Specialist
More awesome content...The Real Science Behind Cracking Passwords3 Simple Methods for Complex PasswordsShatter this Myth: Passwords Keep Your Data Totally Safe