I know this is basic stuff, but apparently we still need education on choosing a good password. It amazes me that if I ever wanted to log on to a client’s workstation, I could usually do it by entering their last name, their spouse’s name, their pet’s name, or just “password1.” If these methods failed, I could just read the yellow sticky note attached to their computer or lying in their desk drawer.

Want to have something like this at your company? We will send you a set of “Don’t write your Password on this” Post-It notes for free. Simply contact us and we will ship them out!

Forget worrying about genius hackers with brilliant techniques for breaking into your system. Why would a hacker need to know how to break into a system when they could simply log on, and not even risk detection? No matter how strong your security is, it can always be trumped by a poorly chosen password that is susceptible to brute-force attacks or social engineering. So let’s go over the rules again.
Your password should not be:
- “password”
- Words in any dictionary, English or any other language
- Your name, names of people you know, or names of fictional characters
- Any of these possibilities spelled reversed (leahciM), doubled (MichaelMichael), or mirrored (MichaelleahciM)
- Poor attempts to use numbers or symbols to replace letters in any of these possibilities (M1chae1)
- A long, made-up sequence of letters, numbers, or symbols that has no meaning and forces you to write it down, such as “7F+w3{fJ::3(nud<)jdka{h@pzu*n%%h[|ka”. Such passwords are easy to recognize as passwords because they are so onerous.
- The same as the other passwords you use for everything else. It’s unrealistic to always think of a new password for everything you do, but passwords should at least be created depending on the category of risk.
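
The variant rules in the list above (reversed, doubled, mirrored, number-for-letter swaps, plus "password1"-style padding) can be enforced at the moment a password is set. The following is an added example, not part of the original post; the banned list is constructed sample data and the function names are hypothetical.

```python
import re

# Constructed sample list. A real check would load a full dictionary plus the
# user's own name, username and similar personal terms.
BANNED_WORDS = {"password", "michael", "friends"}

# Fold look-alike characters into one letter so "M1chae1" and "michael" compare
# equal. "l" folds to "i" as well, because "1" is used for both letters.
_FOLD = str.maketrans("1!|l034@5$7", "iiiioeaasst")


def canon(text):
    """Lowercase the text and undo common digit/symbol-for-letter swaps."""
    return text.lower().translate(_FOLD)


def variants(word):
    """Map each canonical variant of a banned word to the rule it breaks."""
    w = canon(word)
    return {
        w: "plain",
        w[::-1]: "reversed",
        w + w: "doubled",
        w + w[::-1]: "mirrored",
    }


def weak_reason(password, banned=BANNED_WORDS):
    """Return why the password is rejected, or None if no rule matched."""
    # Also test the password with leading/trailing digits and symbols removed,
    # which catches padding such as "password1".
    trimmed = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    candidates = {canon(password), canon(trimmed)}
    for word in sorted(banned):
        for form, label in variants(word).items():
            if form in candidates:
                return f"{label} form of banned word '{word}'"
    return None
```

A `None` result only means none of these specific rules matched; it says nothing about password reuse or whether the password is written down.
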
What your password could be:
- Way back in college they suggested we use the first letters of a song lyric, such as “liaun” (Love is all you need). Then throw in some capitalization, symbols, and replacement letters to make it stronger and throw off any attempts at social engineering: “{1i4uN}”.
- A childhood imaginary friend with a fantastic name that you have never and would never tell anyone about, “mR.t&goo3y.” You can’t hack the imagination.
- You can use a mostly ordinary word or phrase, such as “friendsforever,” but move the position of your hands on your keyboard when you enter it. For example, change your standard keyboard position so that your left pinky is on the letter “Q” instead of “A” and “friendsforever” becomes “r483hewr943f34”.