The role that passwords play in securing an organisation’s network is often underestimated and overlooked. Passwords provide the first line of defence against unauthorised access to your organisation.
Weak passwords provide attackers with easy access to your computers and network, while strong passwords are considerably harder to crack, even with the password-cracking software in use today. Password-cracking tools continue to improve, and the computers used to crack passwords are more powerful than ever.
Password-cracking software uses one of three approaches: intelligent guessing, dictionary attacks and brute-force automated attacks that try every possible combination of characters. Given enough time, automated methods can break any password. However, strong passwords are much harder to guess than weak passwords. A secure computer has strong passwords for all user accounts.
A weak password:
- contains your username, real name or company name; or
- contains a complete dictionary word. For example, ‘Password’ is a weak password.
A strong password:
- is at least seven characters long;
- does not contain a complete dictionary word;
- is significantly different from previous passwords; and
- contains characters from each of the following four groups:
  - upper case letters (A, B, C…)
  - lower case letters (a, b, c…)
  - numerals (0, 1, 2…)
  - special characters (those other than numbers and letters).
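
The weak and strong rules above, written as a checker. This is an added example, not part of the original article: the function name, the small constructed word list and the similarity cut-off used for "significantly different" are all assumptions.

```python
from difflib import SequenceMatcher

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "summer", "letmein"}
MIN_LENGTH = 7        # "at least seven characters long"
MAX_SIMILARITY = 0.6  # assumed cut-off for "significantly different"


def check_password(password, username="", real_name="", company="",
                   previous=(), words=SAMPLE_WORDS):
    """Return the list of rules the password breaks (empty list = strong)."""
    failures = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        failures.append("shorter than seven characters")

    # Weak: contains the username, real name (any part) or company name.
    identity = [username, company, *real_name.split()]
    if any(part and part.lower() in lowered for part in identity):
        failures.append("contains your username, real name or company name")

    # Weak: contains a complete dictionary word, regardless of case.
    if any(word in lowered for word in words):
        failures.append("contains a complete dictionary word")

    # Must differ significantly from every previous password.
    if any(SequenceMatcher(None, lowered, old.lower()).ratio() > MAX_SIMILARITY
           for old in previous):
        failures.append("too similar to a previous password")

    # Needs at least one character from each of the four groups.
    groups = {
        "upper case letter": str.isupper,
        "lower case letter": str.islower,
        "numeral": str.isdigit,
        "special character": lambda c: not c.isalnum(),
    }
    for name, test in groups.items():
        if not any(test(c) for c in password):
            failures.append(f"no {name}")
    return failures


if __name__ == "__main__":
    for candidate in ("Password", "tR7!kq", "gV4#tzLq9!w"):
        print(candidate, "->", check_password(candidate) or "passes")
```

The comparison with previous passwords needs the old value in clear text, which is normally only available when the user types it into a change-password form.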
Some other password tips:
Don't re-use passwords. This can turn a minor breach into a major security issue. At the very least, use unique passwords for more sensitive accounts (such as Citizen Space).
Keep passwords safe! With all these unique passwords, unless you have the memory of an elephant, you'll need to record them. There are lots of tools out there to store passwords securely, such as 1Password, or (on any Mac hardware) Keychain. For office-based systems, you could also store old-fashioned pen-to-paper records in the safe. Passwords on post-its are a no-no.
Change passwords regularly, and definitely after any breach or suspected breach.
Don't make it easy - make sure you log out of any high-level systems before leaving your screen for a long period of time.