Wednesday, June 07, 2006

Is it time to go to Pass Phrases instead of Passwords?

According to most authorities, your passwords are the key to accessing a huge portion of your personal information. Today, so many of us have so much stuff online that keeping track of our passwords isn't easy. This has caused many of us to use passwords that aren't as secure as they should be. With the wave of hackers making easy entry into sites, it is ever more important to make sure your passwords are kept secure.

The best way to do this is to first make your password longer (we recommend 15 characters or greater) and make sure it contains symbols, upper and lowercase letters, and numbers. Of course, I know what you're saying. How can you possibly remember such a password? Yeah, I agree. The solution is a pass phrase. This is where you take a phrase and use it as your password (spaces and all). An example would be: Joshua plays #7 in football

This phrase is easy to remember (assuming you know someone named Joshua) and easy to type. It also has a mix of lowercase, uppercase, symbols, numbers, and is long. Another benefit of phrases is that for most of us, it is easy to come up with new ones as we go through our daily lives. This allows us to change our passwords often and still remember them. Oh yeah, there's really nothing wrong with writing your password down on a piece of paper next to your desk. In most of our client offices, there isn't much worry about the person in the next cube getting your password; it's really for the external hacker. But naturally if your position requires your stuff to be secure from your coworkers, obviously a post-it note on your monitor may not be a good choice!

There is a lot more you can do with your passwords, but we recommend you change to a pass phrase environment. HLP can assist you with enforcing these changes so that your users are required to make the change. I've included some links below to read about secure passwords, pass phrases, and there's even a link to a password checker that will show whether or not your password meets the test of being difficult to "hack."

Some links for further reading.

Help protect personal information with strong passwords
Are smart cards a new way of life?
The Great Debates: Pass Phrases vs. Passwords
Check the strength of your passwords online


Derek Rowan
President
HLP Associates, Inc.
www.hlp.net

P.S. Update to this post. Today, we were contacted by a client to test access to a secured area of their website. We were able to gain access relatively quickly. How did we do it? We guessed their password on the second try. Don't you think you should change your passwords today?
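The rule recommended above (15 characters or more, with uppercase, lowercase, numbers and symbols) and the guessed-password failure described in the P.S. can both be checked mechanically. The Python below is an added example, not code from the original post or from HLP; the function name, the small guessable-word list and the `context_words` parameter are assumptions made for illustration.

```python
import string

MIN_LENGTH = 15  # the post's recommendation: 15 characters or greater

# Constructed sample of easily guessed base words (an assumption for this
# example); a real deployment would load a far larger list.
GUESSABLE = {"password", "letmein", "welcome", "changeme", "qwerty"}


def check_passphrase(candidate, context_words=()):
    """Return the unmet requirements; an empty list means the phrase passes.

    context_words: hypothetical parameter for site-specific words an outsider
    would try first (company name, user name, product name).
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Spaces are allowed in a pass phrase but do not count as symbols here.
    classes = {
        "uppercase letter": any(c.isupper() for c in candidate),
        "lowercase letter": any(c.islower() for c in candidate),
        "number": any(c.isdigit() for c in candidate),
        "symbol": any(not c.isalnum() and not c.isspace() for c in candidate),
    }
    problems += [f"no {name}" for name, ok in classes.items() if not ok]

    # Reduce "Welcome2006!" to "welcome" so decorated guessable words are caught.
    folded = "".join(c for c in candidate.lower() if c.isalnum())
    base = folded.rstrip(string.digits)
    banned = GUESSABLE | {w.lower() for w in context_words}
    if folded in banned or base in banned:
        problems.append("built on an easily guessed word")
    return problems


if __name__ == "__main__":
    for sample in ("Joshua plays #7 in football", "Welcome2006!",
                   "correct horse battery staple"):
        print(repr(sample), "->", check_passphrase(sample) or "OK")
```

The post's own example phrase passes every check, while a long all-lowercase phrase still fails the character-mix part of the rule.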