Upload File

choosing good passwords

prev
next
out of 5
Download Choosing Good Passwords

Upload: hitachiid

Post on 06-Apr-2018

215 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • 8/3/2019 Choosing Good Passwords

    1/5

    Choosing Good Passwords A User Guide

    2014 Hitachi ID Systems, Inc. All rights reserved.

    http://hitachi.com/http://hitachi-id.com/

  • 8/3/2019 Choosing Good Passwords

    2/5

    Contents

    1 Introduction 1

    2 The Password Management Problem 1

    2.1 Choosing Hard to Guess Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

    2.2 Writing Down Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

    2.3 Reusing Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

    3 How to Choose a Good Password 3

    4 When to Change Your Password 3

    5 Learn More 3

    i

  • 8/3/2019 Choosing Good Passwords

    3/5

    Choosing Good Passwords A User Guide

    1 Introduction

    This document presents a plain-language guide to security threats posed by password cracking software,

    and how to apply good password rules to prevent security compromises. It also gives suggestions forchoosing good passwords and making them secure and hard to guess.

    2 The Password Management Problem

    Its that time again. Youve been asked to change the password that gives you access to all your crucialsystems and information. Or perhaps you need to enter yet another new password to access yet anotherapplication, document, or system.

    2.1 Choosing Hard to Guess Passwords

    Its tempting to pick something easy to remember, like spelling your user name backwards, or childs name,or a word from the dictionary. The problem is, the easier it is to remember, the easier it is for an intruder tosteal.

    Malicious intruders often gain access to a companys systems by stealing, or cracking, a password andaccount name, then posing as that user. If the intruder knows you, they can easily gain access by tryingpassword combinations related to your family or hobbies. If they have physical access to your desk or digitalassistant, their chances of getting into your accounts are even greater if youve used something personalfor your password.

    Hackers use readily available software to rapidly enter random dictionary words until they hit pay dirt, and

    it can take only minutes! The shorter the password, the faster it can be guessed. Even words spelledbackwards, rearranged, or including numbers are not safe. A common misconception is that substitutions,such as replacing the letter l or i with the digit 1 will fool password cracking software. Password crackingprograms are smart enough to do this too.

    Examples of bad passwords include:

    mydog2

    bi11smith

    yromem (memory backwards)

    win4me

    The safest solution for choosing good passwords is to use a randomly generated or seemingly randompassword that:

    Is at least 6 characters long, and longer if possible.

    Contains a mix of upper and lower case letters.

    2014 Hitachi ID Systems, Inc.. All r ights reser ved. 1

  • 8/3/2019 Choosing Good Passwords

    4/5

    Choosing Good Passwords A User Guide

    Includes numerals, special characters, and punctuation.

    Is not based on any personal information.

    Is not based on any dictionary word.

    Examples of strong passwords include:

    De2#vu

    5sd$oiP

    er89TI

    2.2 Writing Down Passwords

    If you have too many passwords, it is tempting to write them down after all, can you really remember 10different passwords, that change at different times, some of which are rarely used?

    Writing down passwords is a serious breach of security, because it means that anyone who can physicallyget to the piece of paper, sticky note or PDA that contains the password, can also log into systems with youraccounts. Should a visiting vendor really be able to sign into the finance application? Should the janitor beable to read your mail?

    A better solution is to create a single, strong password, and apply it to all of your login accounts. Onepassword is easier to remember, and is more secure than a post-it note.

    2.3 Reusing Passwords

    Another temptation, when imagination fails, is to reuse old password values when the time comes to changeyour password. This is also a security problem, since the whole point of a regular password change is tolimit the time available to an intruder to crack your password. If an old password is reused, intruders wouldhave more time to crack them. If the old password was already compromised, the new one will compromiseyour security again.

    If you cannot think of a new, secure password have a program, like Hitachi ID Password Manager, ran-domly generate one for you.

    2014 Hitachi ID Systems, Inc.. All r ights reser ved. 2

  • 8/3/2019 Choosing Good Passwords

    5/5

    Choosing Good Passwords A User Guide

    3 How to Choose a Good Password

    Some security experts recommend using a password based on a mnemonic, such as an easily remembered

    phrase. For example, take the first letter of a each word in a phrase, then add a few special characters ornumbers to it. For example, "lend me your ears" can become "lmye4%". "To be or not to be, that is thequestion" can become "2Bor!2b?".

    This is good technique, but you may need some patience to think up a new phrase every time you changeyour password especially if you have to think of a different password for every system that you log into.This may lead some users to recycle some version of their old password - another security threat.

    Another easy way to choose a good, safe password is to let an application like Hitachi ID Password Managerdo it for you. Password Managermakes remembering passwords easy by synchronizing passwords, so thatyou only have one password to remember, and that password works on every system.

    Password Managercan provide a suggested list of randomly generated passwords, and reject passwords

    that do not comply with strong password rules, so that you always choose good passwords.

    4 When to Change Your Password

    Perhaps just as important as how to choose a new password is when to do it. New passwords are mosteasily remembered if you start using them immediately, and use them often. Dont change your password atthe end of the day, the end of the week, or before a holiday. Instead, change your password in the morning,at the start of the week. Your mind will be clearer, and frequent use of the new password will reinforce yourmemory.

    5 Learn More

    You can learn more about password security and password management processes at:

    http://Hitachi-ID.com/Password-Manager/docs/large-scale-password-management-with-hid-pw-manager.html

    ww.Hitachi-ID.com

    0, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]

    File: /pub/wp/documents/goodpasswords/goodpasswords_2.texDate: 2004-05-26

    http://hitachi-id.com/Password-Manager/docs/large-scale-password-management-with-hid-pw-manager.htmlhttp://hitachi-id.com/http://hitachi-id.com/http://hitachi-id.com/http://hitachi-id.com/http://hitachi-id.com/Password-Manager/docs/large-scale-password-management-with-hid-pw-manager.html

Passwords and You CREATING AND MAINTAINING SECURE PASSWORDS

Passwords good badugly181212-2

Password Management & Public Wi-Fi Security€¦ · 1. Change your passwords – today would be a good idea… • Change passwords on a regular basis • Don’t use “normal”

09 passwords

Passwords, Passwords and more Passwords

Passwords 101

Bible Narrative Part 4 40 Days in the Word. Genesis Introduced Good – choosing the other Choosing God and neighbor before self Evil – choosing self

Choosing Good Friends FHE

Building the ultimate login and signup · 2017. 4. 20. · o Protecting passwords in the database o Getting your users to choose good passwords o Preventing spam accounts • Before

Perfect Passwords

Generalized Cross-Validation as a Method for Choosing a Good

Using Hamiltonian Totems as Passwords Abstract 1 Visual passwords

Choosing a Healthy Meal Eat Good-Feel Good By: Sarah Taylor

Choosing a Good Company Name

Text passwords Hazim Almuhimedi. Agenda How good are the passwords people are choosing? Human issues The Memorability and Security of Passwords Human

Choosing Good Distance Metrics and Local Planners for

Kanishka_3D Passwords

Generating Uniform Random Numbers - ISyE › ~sman › courses › Mexico...Choosing a Good Generator — Some Theory Choosing a Good Generator — Some Theory Here are some miscellaneous

Choosing Custom rugs is a good option !

Passwords Everywhere

Passwords Passwords, Good · Computer Security CSCU9B2 CSCU9B2 1 Contents 1. Passwords 2. Viruses, Worms, Malware 3. Phishing and Scams 4. Personal Information

11 good reasons for choosing InTouch Marketing

There's another good reason for choosing SEKISUI products

Choosing)the)RightDirectory)Integraon)Framework)) for)Your… · Productivity Customer Service Portals Federation for partners On-premise Integration Eliminate passwords for employees

Tips for choosing a good CMS for website designing

Choosing a Good Name

The 4 Fundamentals of Choosing a “Good” Niche

Security Awareness Passwords - Illinois.gov · 3 Passwords Password Cracking Find weak passwords Verify the use of good passwords Characters (complex) Estimated time to crack 7 15

9 tips on choosing a good domain name

Choosing good and attractive fencing style

Passwords & security

Tips for Choosing a Good Mortgage Lender

Bible Narrative Part 5 40 Days in the Word. Genesis Introduced Good – choosing the other Choosing God and neighbor before self Evil – choosing self

Choosing good strategies and goals

Bible Narrative Part 6 40 Days in the Word. Genesis Introduced Good – choosing the other Choosing God and neighbor before self Evil – choosing self