Following up on Jon’s recent post looking at changes enterprises can make to achieve security serenity, I’d like to offer some specific tips on how to make stronger passwords and some general online account safety advice.
- Use a mix of character types (lowercase and uppercase letters, digits, and symbols such as *&^%$#) in your password – every extra character class enlarges the set of combinations an attacker has to search, and so does every extra character of length, which counts for at least as much as an added symbol.
- Use a password that is easy to remember but hard to guess – avoid repeated characters, keyboard patterns (such as qwerty or 1qaz), and anything drawn from personal information such as your birthday, home address, or family and pet names.
- An easy-to-remember but hard-to-guess password can be as simple as the first letter of each word in a sentence – aftohtmsp (A few tips on how to make stronger passwords).
- Then mix in the other character types, capitalization, and punctuation, e.g. Aftohtm5p! Pick a sentence of your own rather than reusing this one: a published example goes straight into attackers' dictionaries, and single-character swaps such as 5 for s are rules that cracking tools apply automatically, so it is the length and the unpredictability of the sentence that carry the strength.
- Use a unique username and password combination for each account – your Facebook password should not be the same as your online banking password. When one site is breached, the leaked credentials are replayed against every other popular site (credential stuffing), and reuse is what makes that attack work; a password manager is the practical way to keep dozens of unique passwords without memorizing them.
- Use two-factor authentication wherever it is offered – it adds a second, independent factor (something you have, such as a hardware token or an authenticator app, rather than something you know) to the login, so a guessed or stolen password alone is not enough to get in.
- Watch out for password recovery options – don't let them be the weak link in your password chain. Security questions are often answered by facts an attacker can look up (mother's maiden name, first school, pet's name), so be careful which questions you choose and how you answer them; the same rules apply to those answers as to the password itself, and a made-up answer you store safely beats a true one.
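The rules in the list above, written out as a small checker. This is an added example, not code from the original post; the minimum length, the substitution table and the keyboard sequences are this example's own assumptions, and the personal details passed in are constructed.

```python
import re

# Minimum length is this example's assumption; the post gives no figure.
MIN_LENGTH = 10

# Common digit/symbol-for-letter swaps. Cracking rule sets reverse these,
# so the checker reverses them too before looking for personal details.
# The table is an assumption for this example.
LEET = str.maketrans("013457@$!", "oieastasi")

# Keyboard rows and columns that give rise to patterns like qwerty or 1qaz.
KEYBOARD_SEQUENCES = (
    "qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
    "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm",
)


def from_sentence(sentence):
    """First letter of each word, lower-cased: the memorable base."""
    return "".join(word[0].lower() for word in sentence.split())


def normalize(text):
    """Lower-case and keep only letters and digits for comparisons."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def keyboard_walk(password, window=4):
    """Return the first run of `window` characters that walks a keyboard
    row or column in either direction, or None if there is none."""
    p = password.lower()
    for i in range(len(p) - window + 1):
        chunk = p[i:i + window]
        for seq in KEYBOARD_SEQUENCES:
            if chunk in seq or chunk in seq[::-1]:
                return chunk
    return None


def personal_tokens(info):
    """Substrings an attacker would seed a dictionary with, taken from
    the facts given (names, addresses, dates)."""
    tokens = set()
    for value in info.values():
        for word in re.findall(r"[a-z]{3,}", value.lower()):
            tokens.add(word)
        for year in re.findall(r"(?:19|20)\d{2}", value):
            tokens.add(year)
        digits = re.sub(r"\D", "", value)
        if len(digits) >= 4:
            tokens.add(digits)
    return tokens


def check(password, personal_info=None):
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = sum(bool(re.search(pat, password))
                  for pat in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("needs a mix of case, digits and symbols")
    if re.search(r"(.)\1{2,}", password):
        problems.append("repeated characters")
    walk = keyboard_walk(password)
    if walk:
        problems.append(f"keyboard pattern '{walk}'")
    # Compare both the raw form and the de-leeted form against the facts,
    # so R0cky is still caught when the pet is called Rocky.
    forms = {normalize(password), normalize(password.translate(LEET))}
    hits = sorted(t for t in personal_tokens(personal_info or {})
                  if any(t in f for f in forms))
    if hits:
        problems.append("contains personal info: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample facts about the account owner.
    facts = {"pet": "Rocky", "birthday": "1985-04-12", "address": "123 Main Street"}
    base = from_sentence("A few tips on how to make stronger passwords")
    for candidate in (base, "Aftohtm5p!", "1qaz2wsx!A", "R0cky1985!", "Buddy2010!!!"):
        print(f"{candidate:14} {check(candidate, facts) or 'ok'}")
```

The bare initialism fails on length and character mix, the post's finished example passes, and the other three each trip exactly one rule: a keyboard column walk, a pet name plus birth year that survives the 0-for-o swap, and a run of repeated characters.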
When creating a password, remember that a malicious user is not guessing at random. Guessing is done by pure brute force and by dictionary attacks, usually offline against a leaked or stolen password database, where the attacker can try enormous numbers of candidates without ever touching the login page. Often the dictionary is pre-populated with personal and identifying details about you, such as your children's and pets' names, birth dates, and address, combined with the usual capitalization, substitution and appended-digit variations; this sharply raises the probability that your password is guessed. Keep that in mind and you will be ahead of the game.
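To make the attacker's side concrete, here is an added example (not from the original post) of how a targeted dictionary is built from a handful of personal facts with the kind of mangling rules cracking tools apply. The facts, the substitution table, the year range and the suffix list are constructed assumptions for illustration.

```python
import re

# Letter-for-symbol swaps applied as a mangling rule (assumed table).
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}
# Generic years and suffixes a rule-based attack appends; assumed lists.
YEARS = [str(y) for y in range(1950, 2026)]
SUFFIXES = ["", "1", "12", "123", "!", "!!", "1!", "123!"]


def base_words(info):
    """Word roots and years pulled from whatever is known about the target."""
    roots, years = set(), set()
    for value in info.values():
        roots.update(w.lower() for w in re.findall(r"[A-Za-z]{3,}", value))
        years.update(re.findall(r"(?:19|20)\d{2}", value))
    return roots, years


def mangle(root):
    """Case and leet variants a cracker's rule set produces for one root."""
    leet = "".join(LEET.get(c, c) for c in root)
    return [root, root.capitalize(), root.upper(), leet, leet.capitalize()]


def targeted_wordlist(info):
    """Candidates in the order an attacker would try them: cheap suffix
    variants first, then root+year combinations with known years first."""
    roots, years = base_words(info)
    ordered = []
    for root in sorted(roots):
        for form in mangle(root):
            for suffix in SUFFIXES:
                ordered.append(form + suffix)
    for root in sorted(roots):
        for form in mangle(root):
            for year in sorted(years) + YEARS:
                for tail in ("", "!", "!!"):
                    ordered.append(form + year + tail)
    return list(dict.fromkeys(ordered))  # dedupe while keeping order


def guesses_to_crack(password, info):
    """Number of candidates tried before the password is hit, or None if
    the targeted list never reaches it."""
    for n, candidate in enumerate(targeted_wordlist(info), start=1):
        if candidate == password:
            return n
    return None


if __name__ == "__main__":
    # Constructed facts of the kind found on a social-media profile.
    target = {"first_name": "Maria", "pet": "Rocky",
              "address": "123 Main Street", "birthday": "1985-04-12"}
    wordlist = targeted_wordlist(target)
    print(f"{len(wordlist)} candidates built from four facts")
    for pw in ("Rocky123!", "R0cky1985!", "Aftohtm5p!"):
        print(f"{pw:12} guessed after {guesses_to_crack(pw, target)} tries")
```

Four facts yield a few thousand candidates, which an offline attack exhausts in well under a second, and both the pet-name passwords fall inside it; the sentence-derived password never appears because nothing known about the target leads to it.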
Located in Pennsylvania, Jason Rhykerd, CISSP, is a security professional with over 10 years of experience in assessing, analyzing, and auditing IT security risk. Jason has worked in multiple industries including healthcare, manufacturing, nuclear power generation, and government.