Gregory, CISSP, CISA, is an information technology and security consultant, a freelance writer and an author of several books, including Solaris Security, Enterprise Information Security, and CISSP for Dummies. As a consultant he provides strategic technology and security services to small and large businesses. He can be reached at Web site is

Store passwords in Counterpane Labs' Password Safe tool. All passwords are encrypted with the robust Blowfish algorithm. A nifty feature of Password Safe is that when you double-click on a previously stored password entry, it silently copies it to the clipboard so you can paste in the password even if others are watching you type.

Check the quality of your password at. This Web site performs calculations based on the complexity and "guessability" of your password and tells you how good your password is. Remember that your password is transmitted over the Internet in the clear, so you should try similar passwords instead of your actual passwords to get an idea of the characteristics of a good one.

Adopt ISO17799 password quality guidelines. Ask the IT department to implement best practices for password management in accordance with ISO17799, a widely recognized information security standard. According to the standard, here are some guidelines for passwords:

- They should be at least six characters long.
- Avoid reusing or recycling old passwords.
- They should be free of consecutive identical characters.
- Force users to change temporary passwords at the next log-on.
- Require that passwords be changed at regular intervals.
- Maintain a record of previous user passwords and prevent their reuse.

Warning: Don't use any of the password examples that appear in this article!

A note about password length: Some information security (infosec) professionals will bristle at ISO17799's recommendation for a mere six characters in a password. Some have told me that six characters are insufficient, based on the time it takes to crack a password. My response is this: Typically, hackers don't care about the length of passwords when choosing to crack open a computer account. Organizations are rife with guest accounts, group accounts, accounts with no passwords, a lack of password expirations, passwords that can be easily guessed and opportunities to exploit technical weaknesses or perform social engineering.
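The ISO17799 guidelines listed above, enforced at password-change time, as an added example (not code from the article or from any product it mentions). The names `Account`, `set_password` and `must_change`, the 90-day maximum age, the history depth of five and the PBKDF2 work factor are assumptions; the article gives no numbers for them.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

MIN_LENGTH = 6                 # from the guideline list
HISTORY_DEPTH = 5              # assumption: the article gives no number
MAX_AGE = timedelta(days=90)   # assumption: "regular intervals" is not quantified
PBKDF2_ROUNDS = 100_000        # assumption: work factor for stored history entries

def _digest(password: str, salt: bytes) -> bytes:
    # History holds salted, stretched digests, never the old passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

@dataclass
class Account:
    history: list = field(default_factory=list)  # (salt, digest) pairs, newest last
    changed_at: Optional[datetime] = None
    temporary: bool = False

def quality_errors(password: str) -> list:
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")
    if any(a == b for a, b in zip(password, password[1:])):
        errors.append("consecutive identical characters")
    return errors

def was_used_before(acct: Account, password: str) -> bool:
    return any(hmac.compare_digest(_digest(password, salt), digest)
               for salt, digest in acct.history)

def set_password(acct: Account, password: str, now: datetime, temporary: bool = False) -> list:
    errors = quality_errors(password)
    if was_used_before(acct, password):
        errors.append("matches a previous password")
    if errors:
        return errors  # rejected: account state is left untouched
    salt = os.urandom(16)
    acct.history = (acct.history + [(salt, _digest(password, salt))])[-HISTORY_DEPTH:]
    acct.changed_at, acct.temporary = now, temporary
    return []

def must_change(acct: Account, now: datetime) -> bool:
    # True for temporary passwords (change at next log-on) and for expired ones.
    return acct.temporary or acct.changed_at is None or now - acct.changed_at >= MAX_AGE
```

Because each history entry has its own salt, a reuse check has to recompute the digest once per stored entry, which is why the history depth is kept small.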