Baseline Knowledge Articles

Passwords
Your First Line of Defense

To protect your computer, your data and your online accounts, make a strong password your first line of defense.  Your passwords are the keys you use to access personal information that you've stored on your computer and in your online accounts.

To an attacker, a strong password should appear to be a random string of characters.

Creating a strong password:
Each character you add to your password increases the protection many times over.  As a rule of thumb, your passwords should be 8 or more characters in length; 14 characters or longer is ideal.

To help you easily remember your password, consider using a phrase or a song title.

Combine letters, numbers and symbols, and use both upper- and lower-case letters.  The greater the variety of characters in your password, the harder it is to guess.

Use the entire keyboard, not just the most common characters.  Symbols typed by holding down the "Shift" key and typing a number are very common in passwords. Your password will be much stronger if you choose from all the symbols on the keyboard, including punctuation marks not on the upper row of the keyboard, and any symbols unique to your language.

Password strategies to avoid!
Avoid sequences or repeated characters such as "12345678," "222222," "abcdefg," or adjacent letters on your keyboard.  These do not make secure passwords.

Avoid using only look-alike substitutions of numbers or symbols.  Criminals and other malicious users who know enough to try to crack your password will not be fooled by common look-alike replacements, such as replacing an 'i' with a '1' or an 'a' with '@'.  But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in letter case, to improve the strength of your password.

Avoid your login name.  Any part of your name, birthday, social security number or similar information about your loved ones constitutes a bad password choice.  This is one of the first things criminals will try.

Avoid dictionary words in any language.  Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions.  This includes all sorts of profanity and any word you would not say in front of your children.
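
The length and variety rules and the patterns to avoid listed above can be checked mechanically before a password is accepted. The following Python check is an added example, not part of the original article or its references; the function names, the run length of four characters, the substitution table and the small constructed word list are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load full dictionaries.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "football"}
# Common look-alike substitutions (assumed table): '@'->'a', '1'->'i', ...
LOOKALIKES = str.maketrans("@4310$5!7", "aaeiossit")
KEY_SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
                 "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_run(pw, length=4):
    """True if pw contains `length` adjacent keys, forwards or backwards."""
    low = pw.lower()
    for seq in KEY_SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + length] in low for i in range(len(s) - length + 1)):
                return True
    return False


def check_password(pw, login="", personal=()):
    """Return the rules from the article that pw breaks (empty list = none)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 4:
        problems.append("missing a character class")
    if re.search(r"(.)\1{2,}", pw):  # three or more of the same character
        problems.append("repeated characters")
    if has_run(pw):
        problems.append("keyboard or alphabet sequence")
    # Undo look-alike substitutions before the name and dictionary checks,
    # because a cracking tool tries the same replacements.
    plain = pw.lower().translate(LOOKALIKES)
    for item in (login, *personal):
        if len(item) >= 3 and item.lower().translate(LOOKALIKES) in plain:
            problems.append("contains login name or personal detail")
            break
    for word in SAMPLE_WORDS:
        if word in plain or word[::-1] in plain:  # forwards or backwards
            problems.append("contains a dictionary word")
            break
    return problems
```

A password such as "P@ssw0rd!" satisfies the length and variety rules and is still rejected, because undoing the look-alike substitutions exposes the dictionary word.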

Use more than one password; do not reuse the same one everywhere.  If any one of the computers or online accounts using a password is compromised, all of your other information protected by that password should be considered compromised as well.  It is critical to use different passwords for different systems.

Treat your passwords and pass phrases with as much care as the information they protect.  Never provide your password over e-mail or based on an e-mail request. Any e-mail that requests your password or requests that you go to a website to verify your password is almost certainly a fraud.

Change your passwords regularly.  This can help keep criminals and other malicious users unaware.  A password that is shorter than 8 characters should be considered only good for a day or so, while a password that is 14 characters or longer (and follows the other rules outlined above) can be good for months.

Do not type passwords on computers you do not control.  Computers such as those in Internet cafés, computer labs, shared systems, kiosk systems, conferences and airport lounges should be considered unsafe for any personal use other than anonymous Internet browsing.  Do not use these computers to check online e-mail, chat rooms, bank balances, business mail or any other account that requires a user name and password.  Criminals can purchase keystroke logging devices for very little money and they take only a few moments to install.  These devices let malicious users harvest all the information typed on a computer from across the Internet.  Your passwords and pass phrases are worth as much as the information that they protect.

Never enable the “Save Password” option, even if prompted to do so. Pre-saved passwords make it easy for anyone else using your computer to access your accounts.

Never walk away from a shared computer without logging off. This will ensure no other users can access your accounts.

Passwords are a first line of defense for many computer users.  Businesses require more extensive data security.  Monidax will advise you on state-of-the-art computer protection and its implementation to suit your needs.

 

References: 
www.utexas.edu/its/secure/articles/keep_safe_with_strong_passwords.php
www.microsoft.com