Your Password Should Be Expired

May 5, 2016 | IT Services, Security-GRC

Six tips to get folks in your organization to create more secure passwords

While strong passwords are an essential piece of data security, the effort of creating them can cause frustration and even lead to passwords that are easier to figure out.

A typical office environment, even with restrictions, is not terribly secure. Our GRC consultant, Ted Kozenko, provided us with some insight on just how easy it is to crack a password: “Doing a security assessment on a typical 250-user corporate network, it took me about 4 seconds using free tools to crack 80% of their passwords and 4 minutes to crack 95%.”

The annual Verizon Data Breach Investigations Report, released on April 26th, analyzed 100,000 security incidents and found that 63% of data breaches involved default, stolen, or weak passwords.

The most commonly used passwords involved pet names, television shows and sequential keystrokes, none of which are considered strong.

Some sage advice and examples should help users come up with an easy-to-remember, hard-to-hack password and reduce the number of Post-its with passwords on them hanging in cubicles. Share these tips with your team members.


How To Create More Secure Passwords

1. Longer and more complex passwords don’t need to be hard to remember, even when they combine upper- and lowercase letters, numbers, and special characters and are 8 or more characters long.

Practical IT tip: Your guilty pleasure is American Idol. You would definitely remember to type that every time you need to log in. @m&r|can!d0l is a great password, secure and easy to remember.

2. Don’t believe the tech support person when they call asking for your password; most will never do this.

3. Use a different password for each system you access (work, banking, email, video site, etc.).

Practical IT tip: A password schema may make this way easier to remember than it sounds. For example:
#P@ss_work_2016
#P@ss_email_2016
#P@ss_netflix_2016

or @m&r|can!d0l_work_2016

4. Use a subscription like Legacy Locker to record your passwords and designate who shall receive them upon your death.

5. Don’t start your passwords with a word. Password-cracking programs start by checking word patterns.

6. Change your passwords at least annually, preferably more often.

Practical IT tip: May 5 is World Password Day. Who better to remind you to change it than Betty White?
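Tips 1, 3 and 5, together with the earlier point about sequential keystrokes, can be turned into an automated check that tells a user which rule a candidate password breaks. The Python below is an added example, not part of the original post; the word list, keyboard rows and function names are constructed assumptions standing in for a real dictionary and policy.

```python
import re

# Constructed stand-ins (assumptions): a real check would load a full dictionary.
COMMON_WORDS = {"password", "welcome", "summer", "netflix", "idol", "fluffy"}
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz", "0123456789"]
CLASSES = {"uppercase letter": r"[A-Z]", "lowercase letter": r"[a-z]",
           "number": r"[0-9]", "special character": r"[^A-Za-z0-9]"}


def has_sequence(pw, run=4):
    """True if pw contains `run` adjacent keys from a keyboard row, the alphabet or the digits."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):  # forwards and backwards
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False


def starts_with_word(pw):
    """True if the password's leading letters begin with a listed word (tip 5)."""
    m = re.match(r"[A-Za-z]+", pw)
    return bool(m) and m.group(0).lower().startswith(tuple(COMMON_WORDS))


def check_password(pw, used_elsewhere=()):
    """Return the tips a candidate password violates; an empty list means it passes."""
    problems = []
    if len(pw) < 8:  # tip 1: at least 8 characters
        problems.append("shorter than 8 characters")
    for name, pattern in CLASSES.items():  # tip 1: mixed character classes
        if not re.search(pattern, pw):
            problems.append("no " + name)
    if starts_with_word(pw):  # tip 5
        problems.append("starts with a word")
    if has_sequence(pw):  # sequential keystrokes
        problems.append("sequential keystrokes")
    if pw in used_elsewhere:  # tip 3: a different password per system
        problems.append("already used on another system")
    return problems


if __name__ == "__main__":
    for candidate in ["#P@ss_work_2016", "Password1!", "qwerty"]:
        print(candidate, "->", check_password(candidate) or "passes")
```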
