November 9, 2012
Creating a secure password for your system or network is the cornerstone of an effective security strategy. I continue to be amazed, however, by how many people who have access to content critical to their organization’s success fail to take the time to create more complex passwords that will protect this content.
Many users continue to place priority on convenience over security, and as a result, they choose passwords that are simple for hackers to decipher. Recently, SplashData, which develops password management applications, released its annual “Worst Passwords for 2012” list, compiled from common passwords that are posted by hackers. The top three passwords, the actual word “password,” “123456,” and “12345678,” have not changed since last year. The worst passwords for 2012 also demonstrate that people are not even changing default passwords – still choosing convenience over security.
Furthermore, although there are some benefits to creating a simple, common password, such as being easy to recall when it is time to log on to your network or system, these benefits are minuscule compared to the harm a hacker can do to your content and network.
Below are some tips on what makes a password “strong”:
- It is at least eight characters long
- It does not contain your username, real name, or company name
- It does not contain a complete word
- It is significantly different from previous passwords
- It includes numbers and symbols, as well as a mixture of uppercase and lowercase letters
It is important for IT managers and system administrators to ensure that users are aware of the necessity of maintaining secure passwords. IT teams should educate users about the importance of strong passwords and how to implement measures that will ensure users’ passwords are effective. Furthermore, IT managers and system administrators also need to stay alert and always one step ahead, such as by discovering potentially weak passwords before the hacker does.
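The five tips above can be enforced when a password is set or changed. The following is an added example, not part of the original post: the function name, the small word list, the substitution map, the three-character minimum for name tokens and the 0.6 similarity threshold are all assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample word list; a real deployment would load a full dictionary.
WORDS = {"password", "welcome", "dragon", "monkey", "summer"}
# The three worst passwords named in the article.
COMMON = {"password", "123456", "12345678"}
# Undo common look-alike substitutions so "p@ssw0rd" still counts as a word.
LOOKALIKES = str.maketrans("@0135$7", "aoiesst")

def check_password(pw, username, real_name, company, previous=(), words=WORDS):
    """Return the list of criteria that pw fails (an empty list means it passes)."""
    failures = []
    low = pw.lower()
    if low in COMMON:
        failures.append("on worst-passwords list")
    if len(pw) < 8:
        failures.append("shorter than eight characters")
    # Identity tokens: the username plus each part of the real and company names.
    tokens = [username] + real_name.split() + company.split()
    if any(len(t) >= 3 and t.lower() in low for t in tokens):
        failures.append("contains username, real name, or company name")
    plain = low.translate(LOOKALIKES)
    if any(w in low or w in plain for w in words if len(w) >= 4):
        failures.append("contains a complete word")
    # 'previous' holds old passwords the user typed during the change itself;
    # they should never be kept in plaintext just to run this comparison.
    if any(SequenceMatcher(None, low, old.lower()).ratio() > 0.6 for old in previous):
        failures.append("too similar to a previous password")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        failures.append("missing upper, lower, digit, or symbol")
    return failures

if __name__ == "__main__":
    # Constructed candidates checked for a hypothetical user.
    for candidate in ["password", "123456", "P@ssw0rd!", "Jsmith#2012x", "vR7#qLz!2mKp"]:
        print(candidate, check_password(candidate, "jsmith", "John Smith", "Acme Corp"))
```

Note that “P@ssw0rd!” satisfies the length and character-mix tips yet still fails, because the substitution step exposes the complete word inside it.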
IT teams can deploy firewalls, endpoint security, malware analysis and the complete arsenal of solutions to thwart cyberthreats. But something as basic as a more complex password is critical to strengthening the first line of defense.
I’d like to hear from IT teams that have had success in encouraging users to adopt more sophisticated passwords. Share your secrets for success!