5 simple steps to stronger passwords

2008 September 17
by MeanDean

Just as good fences make good neighbors, strong passwords make secure users. Put another way, if your pastor is using his first name as a login, and his last name as a password, it won’t be long before your website and/or email system begins spewing spam for various online services not usually associated with a church … or worse.

What do I mean by worse? Glad you asked.

All a hacker need do is to figure out the login and password to one privileged  account and that’s usually enough for them to then quietly get into the rest of your system and begin discovering sensitive information about your organization and/or its members.

I mean imagine the emotional impact and legal/political ramifications that could arise by the publication of private data and/or identity theft resulting from a system compromised by weak password practices.

Okay I’m freaking out, so now what? Glad you asked.

Here are five things you can teach your users to do in creating and using stronger passwords:

  1. Avoid passwords based on repetition, dictionary words, letter or number sequences, usernames, or biographical information like names or dates;
  2. Include numbers, symbols, upper and lowercase letters in passwords;
  3. Password length should be around 12 to 14 characters;
  4. Don’t write down passwords where prying eyes can see them, like a PostIt note taped to the underside of one’s keyboard; and
  5. Avoid using the same password when registering with other online services.

Easier said than done Dean. Yes, I know but …

Unfortunately, getting laypersons and staff to use strong passwords is indeed easier said than done because by their nature, such passwords are harder to remember and guess.

That said, one technique I’ve seen used with success is employing passwords based on easy-to-remember mnemonic phrases such as:

  • mYd0gh@sFleaz - or My Dog Has Fleas
  • @0ne4all2C - at 1 for all to see

There are also a number of free online services that will generate a strong password if you’re having trouble thinking up one of your own, here are just a few:

Along with that, here’s a link to a rather nice free online service that will rate your password’s strength against a number of the criteria mentioned above and then some:

And if you’re too chicken to tell your church secretary that the name of her prize poodle isn’t going to cut it, just send him a link to this article. I can take it from there.

categorized under → Reading Room

tagged as → , , ,

4 Comments leave one →
2008 September 17
tsudohnimh permalink

Good piece on passwords. I also suggest passphrases. I tell people to take the first letter from a sentence they can remember and add some symbols/numbers. I actually wrote a paper for users and network admins about creating stronger passwords. If you are a Microsoft admin Part 2 is a must read. I really enjoy your site.

Secure Passwords a Primer in 2 Parts (pdf)
http://twurl.cc/4wg

Tsudohnimh
KnowtheNetwork.com

2008 September 18
In plain English - how they hacked Sarah Palin's Yahoo account | blogs4God permalink

[...] on all this?  Having just today posting to  Heal Your Church Website an article entitled ‘5 simple steps to stronger passwords‘ … entirely unaware of the breaking Palin email story [...]

Pingback
2008 September 18
Useless Nexus » Blog Archive » Password Security permalink

[...] 5 simple steps to stronger passwords [...]

Pingback
2008 September 22
mrben permalink

Bear in mind that most cases of cracking these days are remote attacks, not by people physically in the building. If people have problems remembering long passwords, then write them down. Don’t be afraid to do it. Obviously, storing this information in a secure place (locked desk drawer, etc) is probably a good idea. But a difficult password written down is, generally, more secure than an easy password that you can remember.

Leave A Comment

You must be logged in to post a comment.