The role that passwords play in securing our networks is often underestimated and overlooked. Passwords provide the first line of defense against unauthorized access to our networks. Weak passwords provide attackers with easy access to our computers and network, while strong passwords are considerably harder to crack, even with the password-cracking software available today.
Password-cracking tools continue to improve, and the computers used to crack passwords are more powerful than ever. This software uses one of three approaches: intelligent guessing, dictionary attacks, or brute-force automated attacks that try every possible combination of characters. Given enough time, the automated method can crack ANY password. Educated guesses are also very effective against systems with self-service password reset policies that ask personal questions. In 2008, Sarah Palin's Yahoo! mail account was hacked by someone who researched Palin's personal life to answer the password reset questions.
In spite of the improvements in password cracking, strong passwords are much harder to crack than weak passwords, sometimes taking a hacker weeks, months, or even years to break. Although other precautions help secure a network, the first line of defense is having strong passwords for all user accounts.
Most Common Passwords
Many people are prone to using short and simple passwords that are easily guessed. Some of the most common passwords include:
- No password or blank password
- The word "password"
- A repeat of the username or login name
- Names of spouses, friends, or pets
- License plate numbers
- Swear words
- Repeating or sequential patterns (e.g., aaaaa, qwerty, 111111)
Best Practices for Password Security
Only a few important steps are needed for users to protect their passwords and online security:
- Select a password that utilizes all character classes:
  - Capital and lowercase letters
- The password needs to be a MINIMUM of 8 characters. Make it easy to memorize by using mnemonic devices.
  - Example: Mdslwys90! ("My dad is always right, right angle")
Other Things to Be Aware Of
Don't use rows of keys that can be found side-by-side on the keyboard, such as "qwerty", "uiop", "asdfghjkl", and "zxcvbnm".
Although it's not recommended, if you have to write your password down, take it with you wherever you go. Think of it as an ATM card. You wouldn't leave that unattended, would you?
You can test the strength of your password at http://www.passwordmeter.com/.
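The checks described above can be automated when accounts are created or passwords are changed. The following Python sketch is an added example, not part of the original article: it applies the article's rules (blank password, the word "password", username reuse, minimum length, character classes, repeating or sequential patterns, keyboard rows) and estimates brute-force effort. The function names, the four-character pattern window, and the choice of digits and symbols as the remaining character classes are assumptions.

```python
import math
import string

MIN_LENGTH = 8  # the article's stated minimum
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")  # rows the article warns about
# Assumption: the four classes are upper, lower, digits and symbols
# (the article's list names only capital and lowercase letters).
CLASSES = {"uppercase": string.ascii_uppercase, "lowercase": string.ascii_lowercase,
           "digit": string.digits, "symbol": string.punctuation}

def has_run(pw, n=4):
    """True if pw has n repeated or sequential characters (aaaa, 1234, dcba)."""
    for i in range(len(pw) - n + 1):
        steps = {ord(pw[j + 1]) - ord(pw[j]) for j in range(i, i + n - 1)}
        if steps in ({0}, {1}, {-1}):
            return True
    return False

def has_keyboard_row(pw, n=4):
    """True if pw contains n adjacent keys from one keyboard row."""
    low = pw.lower()
    return any(row[i:i + n] in low
               for row in KEYBOARD_ROWS for i in range(len(row) - n + 1))

def check_password(pw, username=""):
    """Return the rules pw breaks; an empty list means it passes every check."""
    if not pw:
        return ["blank"]
    low, problems = pw.lower(), []
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    if "password" in low:
        problems.append("contains_password")
    if username and username.lower() in low:
        problems.append("contains_username")
    problems += ["missing_" + name for name, chars in CLASSES.items()
                 if not any(c in chars for c in pw)]
    if has_run(pw):
        problems.append("repeat_or_sequence")
    if has_keyboard_row(pw):
        problems.append("keyboard_row")
    return problems

def brute_force_bits(pw):
    """Upper bound on brute-force work: length * log2(size of the classes used)."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0
```

The bit estimate only bounds exhaustive search; a password that appears in a dictionary or can be guessed from personal details falls far sooner, which is why the pattern checks matter as much as length.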