Is your password secure?

17 Nov 2003

Despite their importance, passwords continue to be one of the weakest links in corporate security, IT security professionals say. “Although computer users have become more sophisticated they still make the same common errors,” says Vigne Kozacek, security engineer with internet security company Entropy. “A scary amount of people still keep their password in the vicinity of their PC. Some even write it on a post-it and stick it to the monitor. Other common errors include using the same password for multiply purposes or failing to change passwords on a regular basis.”

In today’s ever-changing and advancing world of technology most of us have to remember several passwords or codes just to get through the day: bank PIN numbers, house alarm codes, passwords for access to desktop computers, laptops, PDAs – and let’s not even mention online banking. With all these passwords it is hardly surprising that people take the easy way out and choose passwords that are easy to remember: a friend or relative’s name and/or date of birth, car registration number and so on.

So how important is a good password? The CERT/CC (Computer Emergency Response Team/Coordination Centre), a federally funded organisation based at Carnegie Mellon University in the USA, estimates that 80pc of all network security problems are caused by bad passwords; therefore, good passwords are the simplest and most important part of information security.

In the future, the proliferation of biometrics may well make passwords obsolete. Biometrics is a type of technology that uses the unique biological information that we each possess, such as iris patterns, fingerprints and voices, to control access to services and information. The user’s voice or face will essentially become the password.

To help us in the meantime there are a few simple guidelines users can follow to improve their password security. A good password should be at least eight characters long and contain both upper and lower case letters, numbers and symbols where available, for example: use the first letter of each word from a line in a book, song, or poem.

For example: “Who ya gonna call? Ghost Busters!” would produce “Wygc?GB!”
Use two short words connected by punctuation, eg T1me#0ff
Use numbers and letters to create an imaginary vanity license plate password, eg, 1H8work!

Make sure you:

* Don’t use ANY PART of your logon name for your password

* Don’t use any actual word or name in ANY language

* Don’t reuse any portion of your old password

* Don’t use consecutive letters or numbers like ‘abcdefg’ or ‘234567’

* Don’t use adjacent keys on your keyboard like ‘qwerty’

Basically the idea is to choose something that is easy to remember without having to write it down. Even if passwords themselves are strong, accounts can be compromised if users do not protect their passwords.

Please visit our sponsors: CheckPoint : Entropy