Just as good fences make good neighbors, strong passwords make secure users. Put another way, if your pastor is using his first name as a login, and his last name as a password, it won’t be long before your website and/or email system begins spewing spam for various online services not usually associated with a church … or worse.
What do I mean by worse? Glad you asked.
All a hacker needs to do is figure out the login and password of one privileged account; that is usually enough to quietly get into the rest of your system and start discovering sensitive information about your organization and/or its members.
I mean, imagine the emotional impact and legal/political ramifications that could arise from the publication of private data and/or identity theft, all because a system was compromised by weak password practices.
Okay I’m freaking out, so now what? Glad you asked.
Here are five things you can teach your users to do in creating and using stronger passwords:
- Avoid passwords based on repetition, dictionary words, letter or number sequences, usernames, or biographical information like names or dates;
- Include numbers, symbols, upper and lowercase letters in passwords;
- Password length should be around 12 to 14 characters;
- Don’t write down passwords where prying eyes can see them, like a PostIt note taped to the underside of one’s keyboard; and
- Avoid using the same password when registering with other online services.
Easier said than done, Dean. Yes, I know, but …
Unfortunately, getting laypersons and staff to use strong passwords is indeed easier said than done, because by their nature such passwords are harder to guess and, for the same reason, harder to remember.
That said, one technique I’ve seen used with success is employing passwords based on easy-to-remember mnemonic phrases such as:
- mYd0gh@sFleaz – or My Dog Has Fleas
- @0ne4all2C – at 1 for all to see
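As an added illustration (not from the article or from any of the generators listed below), here is a small Python check that applies the five rules above to a candidate password and runs it against the two mnemonic examples. The word list, the `SEQUENCES` table and the `username`/`personal` strings are constructed stand-ins; a real deployment would use a full dictionary and the user's actual account details.

```python
import re

# Constructed sample data, not from the article: a tiny stand-in for a real
# word list, plus the alphabet, digit and keyboard runs used to spot sequences.
SMALL_DICTIONARY = {"password", "church", "poodle", "fleas", "welcome", "letmein"}
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop")


def has_sequence(lower, run=4):
    """True if any `run`-character slice of a known sequence appears, forwards or backwards."""
    for seq in SEQUENCES:
        for i in range(len(seq) - run + 1):
            chunk = seq[i:i + run]
            if chunk in lower or chunk[::-1] in lower:
                return True
    return False


def password_problems(password, username="", personal=()):
    """Return the article's rules that `password` breaks, in a fixed order.

    `username` and `personal` (names, dates, pet names) are the biographical
    strings the article says a password must not be built from.
    """
    lower = password.lower()
    problems = []
    if len(password) < 12:                      # length around 12 to 14 characters
        problems.append("too short")
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        problems.append("missing character class")  # numbers, symbols, upper and lower
    if re.search(r"(.)\1\1", password):         # same character three times in a row
        problems.append("repetition")
    if has_sequence(lower):                     # abcd, 1234, qwer and their reverses
        problems.append("sequence")
    if any(word in lower for word in SMALL_DICTIONARY):
        problems.append("dictionary word")
    if any(item and item.lower() in lower for item in (username, *personal)):
        problems.append("personal info")
    return problems


if __name__ == "__main__":
    for candidate in ("mYd0gh@sFleaz", "@0ne4all2C", "poodle2008"):
        print(candidate, password_problems(candidate, username="bob") or "OK")
```

Run on the two mnemonic examples, the first passes every check and the second is flagged only for length.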
There are also a number of free online services that will generate a strong password if you’re having trouble thinking up one of your own. Here are just a few:
- StrongPasswordGenerator.com
- PC Tools Password Generator
- Mnemonic Strong Password Generator
- OnlinePasswordGenerator.net
- GoodPassword.com
Along with that, here’s a link to a rather nice free online service that will rate your password’s strength against a number of the criteria mentioned above and then some:
And if you’re too chicken to tell your church secretary that the name of her prize poodle isn’t going to cut it, just send her a link to this article. I can take it from there.
September 17, 2008 at 11:37 pm
Good piece on passwords. I also suggest passphrases. I tell people to take the first letter from a sentence they can remember and add some symbols/numbers. I actually wrote a paper for users and network admins about creating stronger passwords. If you are a Microsoft admin Part 2 is a must read. I really enjoy your site.
Secure Passwords a Primer in 2 Parts (pdf)
http://twurl.cc/4wg
Tsudohnimh
KnowtheNetwork.com
Pingback: In plain English - how they hacked Sarah Palin's Yahoo account | blogs4God
Pingback: Useless Nexus » Blog Archive » Password Security
September 22, 2008 at 7:26 am
Bear in mind that most cases of cracking these days are remote attacks, not by people physically in the building. If people have problems remembering long passwords, then write them down. Don’t be afraid to do it. Obviously, storing this information in a secure place (locked desk drawer, etc.) is probably a good idea. But a difficult password written down is, generally, more secure than an easy password that you can remember.