Password Best Practice

A password is like the key to your home or car; at work, it is the digital key to highly sensitive data. So why use a weak or simple password to access highly sensitive data?

…like the keys to your car, home and office… so is the password to our sensitive data…

Choosing a secure password is critical to maintaining security. When choosing a password, your primary objective is to make it difficult for anyone trying to guess or hack your password electronically. Passwords should contain at least 8 characters, and should include at least one numeric and one special character (e.g. punctuation marks).

Top Tips for creating Strong Passwords:

  • Use upper and lowercase characters (A-Z & a-z)
  • Use digits from 0-9
  • Use special characters such as: %£$*?’@

Password Dos and Don’ts

Dos

  • Use/create a strong password – Use special characters
  • Change your password regularly (every 40 days for example)
  • Create a password with a minimum of 8 characters
  • Use different passwords for different systems and applications where a single sign-on solution is not in place
  • Use a password safe if there’s one available
  • Be careful of shoulder surfers watching your keystrokes to remember your passwords
  • Do make it random – for example, combine different themes/genres into one password – a word from a song, a poem, a holiday, a movie etc.


Don’ts
Basic password practices to keep your password and access to your data secure:

  • Do not share your password with anyone…not even your manager
  • Do not use passwords or combination of characters that are easy to guess
  • Do not use your favourite pet’s name, animal, colour, child’s name, date of birth
  • Do not write it down or stick it to your computer screen
  • Do not use ‘password’, 123456, abcdef… for your password
  • Do not use your username or login as your password
  • Do not use a word or phrase spelt backwards
  • Do not reuse a password by changing or adding a number or letter at the end
  • Do not repeat any of your last series of passwords
  • Do not use dates as a means of creating your password – e.g. September2011
  • Do not use the same password for personal use and for work
  • Do not substitute numbers for letters – for example: password changed to: p055w0rd
  • Do not use any of the examples given in this document as your password
  • Do not use standard dictionary words
  • Do not tick the box for, or otherwise agree to, saving your password in any forms you fill in online.


Examples of a weak password

  • A blank password field, something that is easy to guess, the name of your pet, birthdays, favourite colours etc.
  • 12345abcdef
  • Abcdef
  • Password
  • letmein

Examples of a strong password

  • A password with a minimum of 8 characters containing one or more of the following: ?%1$*)#@]£ and
  • A password containing upper and lower case and spaces
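The rules above can be enforced when a password is set rather than left to memory. The following is an added example, not part of the original guidance: the function names, the substitution table and the month pattern are assumptions, and the denylist holds only weak examples and worst-password entries quoted on this page.

```python
import re

# Denylist: weak examples and worst-password entries quoted on this page.
COMMON = {"123456", "password", "12345678", "qwerty", "abc123", "123456789",
          "111111", "iloveyou", "adobe123", "admin", "password1", "princess",
          "trustno1", "letmein", "monkey", "shadow", "sunshine", "abcdef",
          "12345abcdef", "photoshop", "azerty"}
MONTHS = "jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec"
# Assumed mapping that undoes digit/symbol-for-letter swaps (p455w0rd -> password).
LEET = str.maketrans("01345$@7", "oleassat")

def variants(pw):
    """Forms of pw to compare with the denylist: raw, trailing digits or
    symbols stripped, de-substituted, and each of those spelt backwards."""
    low = pw.lower()
    stem = re.sub(r"[^a-z]+$", "", low)      # 'letmein99!' -> 'letmein'
    forms = {low, stem, low.translate(LEET), stem.translate(LEET)}
    return forms | {f[::-1] for f in forms}

def check_password(pw, username=""):
    """Return the list of rules from this page that pw breaks (empty = pass)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("needs upper and lowercase letters")
    if not re.search(r"\d", pw):
        problems.append("needs a digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("needs a special character")
    # Assumption: containing the username is treated the same as equalling it.
    if username and username.lower() in pw.lower():
        problems.append("contains the username")
    if variants(pw) & COMMON:
        problems.append("variant of a commonly used password")
    if re.search(rf"(?:{MONTHS})[a-z]*\d{{2,4}}", pw.lower()):
        problems.append("built from a date")
    return problems
```

A password such as P@ssw0rd1 satisfies every composition rule and is still rejected, because stripping the trailing digit and undoing the substitutions gives an entry on the denylist.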

EXAMPLES OF PASSWORD BREACH IN THE PRESS

Facebook: http://money.cnn.com/2013/12/04/technology/security/passwords-stolen/index.html

http://grahamcluley.com/2013/11/top-50-passwords-adobe-security-breach/

eBay Password breach: http://www.bbc.co.uk/news/technology-27503290

http://www.forbes.com/sites/gregorymcneal/2014/05/26/how-to-protect-yourself-after-the-ebay-data-breach/

Very Good examples: http://www.pcworld.com/article/2089244/the-25-worst-passwords-of-2013-password-gets-dethroned.html

Here’s the full list of the worst passwords from 2013, according to Splashdata:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. abc123
  6. 123456789
  7. 111111
  8. 1234567
  9. iloveyou
  10. adobe123
  11. 123123
  12. admin
  13. 12345
  14. password1
  15. princess
  16. azerty
  17. trustno1
  18. 000000
  19. 1234567890
  20. letmein
  21. photoshop
  22. 1234
  23. monkey
  24. shadow
  25. sunshine

Any of those familiar?