Customer Portal Login

Need IT consulting, support & data security?

Speak to industry experts on implementing industry standard technology solutions for your business…

More Info Request Callback

Thursday, November 14, 2019
Bookmark and Share

Teknik IT Mgmt & Data Security Blog

Teknik IT Management & Data Security has developed this blog to give you ideas and useful information to help our readers understand and receive the most benefit from fast-changing technology.

The information provided in our blog is comprised of the authors' thoughts and solely their opinions based on their experience and research. If you implement any recommendations offered here, you do so at your own risk. Teknik IT Mgmt and Data Security, the authors and contributors are not responsible for any resulting outcome.

Before implementing any changes to your technology, we recommend consulting with an IT professional to make sure they are appropriate for your unique situation.

Get useful information about technology by subscribing to our newsletter and blog.

Submit

Password Best Practices

In today’s advanced technological world, security is our top concern to keep our systems and data safe. It is very important to create a password policy that uses minimum requirements that will adequately protect your systems and data. If your passwords are too short and not strong, it makes them very vulnerable to brute force hacking in which software systematically will guess your password. The longer and more complex the password, the longer it will take the software to guess. Depending on how long and strong your password is, it could be days to lifetimes for software utilities to crack your password.

So what is a strong password? A strong password should be a 14 character alpha numeric password, contain uppercase, lowercase, numbers and non-alphanumeric characters (i.e. ~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/). Also, the username should not be contained in the password.

You should avoid using passwords that are easy to guess. You should not use your name, nicknames, children names, pet names, date of birth, anniversary date, city you live, state you live, address numbers, etc. Basically, you shouldn’t use anything that someone can infer or find on the internet about you to guess your password. I can tell you that I have sat in front of many customer computers, looked at the pictures on the desk, asked the user about them and the names, and then guessed their password. They are always surprised how I suddenly logged in without ever asking for a password. Also, never write your password down and put it under the keyboard or anywhere else it could be found quickly.

You should also change your password at regular intervals. This is very important for several reasons. First, you may have had to tell someone your password and now they have it or someone may have overheard it. Second, your password may have gotten compromised by a virus, key logger or brute force attack. Even if it hasn’t been compromised, changing it will throw these attacks off. I would recommend changing your password every 90 days.

There are some easy methods to use to create strong passwords. Think of a phrase you can remember that would be hard to guess and then remove the spaces. Then add random upper case, numbers and non-alphanumeric characters. Here is an example: I love to eat pizza. Now remove the spaces, ilovetoeatpizza. Then add uppercase, IloVetoeaTpiZZa. Then add some numbers and non-alphanumeric characters, ~IloVe2toeaTpiZZa5^. This gives you a very strong password that is 19 characters long. There are other methods you can also use, like picking random words and putting them together.

To see how to manage all your passwords you can see my blog on How to Manage Passwords.

Details on Microsoft specific password policy requirements and how to enforce them can be found at these links:

This is Microsoft Password Policy
https://technet.microsoft.com/en-us/library/hh994572(v=ws.11).aspx

Microsoft Tips for Enforcing Password Policies
https://technet.microsoft.com/en-us/magazine/ff741764.aspx

Written by Tim Alexander

https://www.linkedin.com/in/timothy-alexander-6b8867112

Friday, August 12, 2016

Written by Tim Alexander

Find out more about the ways Teknik IT Mgmt & Data Security can help you by calling us today to set up a free consultation for our services.

Serving all your computer and business technology needs!

Search