3 Jun 2021

Password security tips

Passwords are the most common means of authentication, so you need to choose strong passwords and keep them confidential. Many systems and services have been breached because of weak or poorly protected passwords.

Passwords are a common form of authentication and are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or "crack" passwords. But if you choose good passwords and keep them confidential, you can make it more difficult for an unauthorized person to access your information.
US-CERT Publications

Basics of password security

  • Don't write passwords down. Writing your passwords in a notebook, on the calendar on your desk or on a sticky note makes them easy for anyone nearby to find.
  • Don't tell anyone your passwords. Watch out for attackers who try to trick you into revealing a password through phone calls or email messages; this is social engineering. A trusted friend today might not be a friend in the future. Keep your passwords safe by keeping them to yourself.
  • Don’t use dictionary words or anything that is easily guessable as your password. The password should have a mixture of upper case letters, lower case letters, numbers and symbols. It's better to spread the digits, symbols and upper case letters through the middle of the password rather than putting them only at the beginning or end, because a capital first letter with a digit or symbol tacked on the end is exactly the pattern password-cracking tools try first.
  • Use longer passwords of at least 8 characters, and the more characters the better. Longer passwords are more secure than shorter ones because the number of possible combinations grows exponentially with length, so every extra character multiplies the work an attacker has to do.
  • Use a unique password for each account. If one account is compromised, the other accounts remain safe. I know the challenge is remembering all of these passwords, which is where I recommend the use of a password manager.
  • Consider using a password manager program to keep track of your passwords. A password manager is a software application that helps you store and organise passwords. Password managers store the passwords encrypted and require you to create a strong master password that grants access to the entire password database, so that master password must be long, memorable to you and used nowhere else. Password managers include random password generators, and many can synchronise your password list across every PC, smartphone or tablet that you own. Here is a round-up of some of the password managers on lifehacker.
  • Use two-factor authentication whenever possible to add a layer of protection. Two-factor authentication offers an option to verify your identity when logging on to your account from an unrecognised device. The typical method is to send a text message to your mobile device with a code you need to type in to verify it’s really you. Text-message codes are the weakest option, because an attacker who takes over your phone number (a SIM swap) receives them too; where the service offers it, prefer an authenticator app or a hardware security key.
  • Do not store passwords in browsers. Malware running on your computer, or anyone with physical access to it, can read the passwords your browser has saved.
  • Avoid using public details about yourself to build a password. Don't use things that can be discovered about you, such as your home town, school or the name of your spouse. Unfortunately, the same goes for password-reset questions: if a site forces you to set them, answer with random strings and keep the answers in your password manager.
  • Be sure no one watches when you enter your password.
  • Always lock or log off your device when you leave it, and log out of your online accounts when you are done with them.
  • Avoid entering passwords on computers you don’t control (such as computers at an Internet café, a library or even a shared computer at your office); they may be running malware that captures your passwords. Always remember to log out when you have to use a public computer.
  • Avoid using public computers and public Wi-Fi to access sensitive accounts such as banking and email.
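
To put numbers on the length and dictionary-word points above, here is an added example (written for this page, not the author's own tool) that generates passwords the way a password manager does, using the operating system's cryptographic random number generator, estimates how many years an attacker would need to try every password of a given shape, and checks a candidate against the rules in the list. The character sets, the tiny word list and the assumed guess rate of ten billion guesses per second are choices made for the demonstration, not figures from this page.

```python
"""Added example for this page: random password generation, a brute-force
cost estimate, and a checker for the rules in the list above.  Illustrative
code only; the alphabets, word list and guess rate are assumptions."""
import math
import secrets
import string
from typing import List

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.<>?"          # 25 symbols (assumed set)
ALL = LOWER + UPPER + DIGITS + SYMBOLS          # 87 characters in total

# Constructed stand-in for a real cracking dictionary.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "admin", "summer"}

# Assumed offline guess rate for one fast-hash GPU rig (order of magnitude only).
GUESSES_PER_SECOND = 1e10


def generate_password(length: int = 16, alphabet: str = ALL) -> str:
    """Draw each character uniformly from `alphabet` with the OS CSPRNG
    (the `secrets` module), which is what a password manager's generator does."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: log2(alphabet_size ** length).
    Each extra character adds log2(alphabet_size) bits, i.e. multiplies the search space."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length: int, alphabet_size: int,
                     rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time, in years, to try every password of this length and alphabet."""
    combinations = alphabet_size ** length
    return combinations / rate / (365 * 24 * 3600)


def check_policy(password: str) -> List[str]:
    """Return the reasons a password violates the page's advice (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if any(word in password.lower() for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    classes = [any(c in cls for c in password) for cls in (LOWER, UPPER, DIGITS, SYMBOLS)]
    if sum(classes) < 3:
        problems.append("fewer than three character classes")
    # "Capital first letter, digit or symbol at the end" is the first mangling
    # rule cracking tools apply, so digits/symbols only at the ends earn a warning.
    specials = DIGITS + SYMBOLS
    if any(c in specials for c in password) and not any(c in specials for c in password[1:-1]):
        problems.append("digits and symbols only at the beginning or end")
    return problems


if __name__ == "__main__":
    for length, alphabet, label in [(8, LOWER, "8 lowercase"), (8, ALL, "8 mixed"),
                                    (16, LOWER, "16 lowercase"), (16, ALL, "16 mixed")]:
        print(f"{label:13s}: {entropy_bits(length, len(alphabet)):6.1f} bits, "
              f"{years_to_exhaust(length, len(alphabet)):.2e} years to exhaust")
    pw = generate_password()
    print("generated:", pw, check_policy(pw) or "passes policy")
    print("Summer2021! ->", check_policy("Summer2021!"))
    print("Password1   ->", check_policy("Password1"))
```

Running it shows the point of the length rule directly: eight lowercase letters (about 37.6 bits) fall in well under a minute at the assumed rate, while sixteen mixed characters (about 103 bits) would take longer than the age of the universe. Note that the estimate only applies to passwords that are actually random; "Summer2021!" has plenty of character classes but fails the dictionary check, which is what a real attacker would try first.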

Don’t forget security basics

  • Keep your operating system, browser, and other software up to date.
  • Use and maintain up-to-date anti-virus software and a firewall.
  • Regularly scan your computer for spyware.
  • Use caution with email attachments and untrusted links.
  • Watch for suspicious activity on your accounts.
There's no guarantee that these techniques will prevent an attacker from learning your password, but they will make it more difficult.
image credit: commons.wikimedia.org