Difference between revisions of "Create secure passwords"

From OpenTutorial
 
Line 27: Line 27:
  
 
By the way - Do NOT use the <u>Mfv$1c$LM</u> example as your password.
 
By the way - Do NOT use the <u>Mfv$1c$LM</u> example as your password.
 +
 +
== Bibliography ==
 +
* (ISBN 1597490415) "Perfect Passwords : Selection, Protection and Authentication" by Mark Burnett, Dave Kleiman
 +
* (ISBN 1597490482) "Insider Threat" by Eric Cole, Sandra Ring
  
 
[[category:online security]]
 
[[category:online security]]
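
Review bot: the two entries added under the new "== Bibliography ==" heading are not tied to any statement in the article, so a reader cannot tell which piece of advice comes from which book; consider noting next to each entry which section it supports. The entries also lead with the ISBN in parentheses and carry a stray space before the colon in "Perfect Passwords : Selection"; listing author, title, then ISBN would read more cleanly.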

Revision as of 08:15, 9 May 2006

How to Create Secure Passwords

Password Do's and Don'ts

  1. Do not use words found in any dictionary, spelled forward or backward.
  2. Do not display passwords on screens or any other media at any time, and do not store passwords in clear-text (unencrypted) form.
  3. Employ appropriate actions to prevent observers from viewing passwords.
  4. Practice entering your password so that it can be entered quickly using several fingers.
  5. Use your body to prevent an observer from seeing the keys being pressed as you enter your password.
  6. Request that guests do not watch the password entry process.
  7. Perform password entry prior to demonstrating system use.
  8. Change your password when it has been compromised, or when you suspect that it has been compromised.
  9. Memorize your password. Do not write down or store passwords in batch files, automatic log-in scripts, software macros, terminal function keys, or any other place where others might discover them.
  10. Never use the built-in feature of any system to save your password or remember your password for you. If you do, your password may be saved or remembered in a clear, readable form that hackers can easily find.
  11. Do not disclose or share your password with anyone.

Password construction

To construct a strong password that is easy to remember, use the initial letters of a phrase (in both upper and lower case) and include a number or special character.

For example, if you like to go on vacation, you might take the letters from:

My favorite vacation spot is Cabo San Lucas, Mexico

You'd get: Mfv$1c$LM (with each s written as $ and the i written as 1). This is something that you can remember, but that would be hard for an attacker to guess.

By the way - Do NOT use the Mfv$1c$LM example as your password.
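
An added example, not part of the original tutorial: a small Python check for rule 1 (no dictionary words, forward or backward) and for the construction advice above, which also rejects the example password published on this page. The word list, the sample phrase and the function names are assumptions made for illustration.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "vacation", "mexico", "dragon", "secret"}

# The example published on this page, which the page says not to use.
PUBLISHED_EXAMPLES = {"Mfv$1c$LM"}


def phrase_initials(phrase):
    """Return the first letter of each word, keeping the phrase's own case."""
    return "".join(word[0] for word in phrase.split())


def check_password(candidate, words=SAMPLE_WORDS):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    lowered = candidate.lower()
    # Rule 1: no dictionary words, spelled forward or backward.
    if lowered in words or lowered[::-1] in words:
        problems.append("dictionary word (forward or backward)")
    # A password printed in a public tutorial is known to everyone.
    if candidate in PUBLISHED_EXAMPLES:
        problems.append("published example")
    # Construction advice: both cases plus a number or special character.
    if not any(c.isupper() for c in candidate):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in candidate):
        problems.append("no lower-case letter")
    if not any(c.isdigit() or c in string.punctuation for c in candidate):
        problems.append("no number or special character")
    return problems


if __name__ == "__main__":
    # Constructed phrase, used only to show the steps.
    initials = phrase_initials("Our old tent leaks in Heavy Rain")
    print(initials, check_password(initials))
    print("Oot1!HR", check_password("Oot1!HR"))
    print("nogarD", check_password("nogarD"))
```

The initials alone fail the last check until a number or special character is substituted in, which is the step the vacation example performs by hand.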

Bibliography

  • (ISBN 1597490415) "Perfect Passwords : Selection, Protection and Authentication" by Mark Burnett, Dave Kleiman
  • (ISBN 1597490482) "Insider Threat" by Eric Cole, Sandra Ring