How secure are your passwords?
30 MARCH 11
A network can be as secure as you make it - fully patched, good policies for allowing traffic, strict rules for accessing internal services, but a relaxed password policy can bypass all of that. We recently had a server compromised by a cyber attack using a common account name with an easy password. The server was then used to relay hundreds of thousands of spam emails through it, causing massive disruption to their entire network.
If your business has a server we can put in place password policies to force your network to have secure passwords that are changed on a regular basis. If you don't have a server then it's a good idea to ensure your passwords are something a little more difficult than "password" for example.
Below are password ideas that we recommend staying away from:
- Words in the dictionary
- Your user name
- Your real name
- Any name - we've seen security logs that show cyber attackers running through long lists of names to see if they crack
- Any of the above, with a single character before or after it e.g. "password1" or "5jim".
- Any of the above, with a capital first, or the word reversed or doubled.
- Crack tools will often also substitute a zero "0" for "o", or a "1" for "i", so that's not a foolproof trick either.

A good password should follow these guidelines:
- At least 8 characters long
- Try and mix up characters (/*#$ etc) and use uppercase and lowercase letters. You could also throw a number or two in for good measure.
- Passphrases can be useful (e.g. Optimus Systems is the greatest IT support company!) but that can get really annoying if you mistype a letter halfway through.
- The best passwords are something completely random that only makes sense to you.
- If you tell anyone your password, change it. Anyone that knows your password can now be you on a network, or they can tell someone else and then they can be you.
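
The patterns listed above can be turned into a check that a password-change form runs before accepting a new password. This is an added example, not code from the original post; the sample word list, the function names and the "three of four character classes" threshold are assumptions.

```python
import re

# Constructed sample list; a real check would load a full dictionary and name list.
SAMPLE_WORDS = {"password", "letmein", "dragon", "jim", "sarah"}

# Undo the swaps the post mentions: zero typed for "o", one typed for "i".
UNLEET = str.maketrans({"0": "o", "1": "i"})

def candidates(password):
    """Return lower-cased strings the password could have been built from."""
    p = password.lower()                      # covers "capital first"
    forms = {p, p[1:], p[:-1]}                # one extra character before or after
    forms |= {f.translate(UNLEET) for f in forms}
    forms |= {f[::-1] for f in forms}         # word reversed
    forms |= {f[:len(f) // 2] for f in forms  # word doubled
              if len(f) % 2 == 0 and f[:len(f) // 2] == f[len(f) // 2:]}
    forms.discard("")
    return forms

def check_password(password, username="", real_name=""):
    """Return a list of reasons the password is weak (empty list means it passes)."""
    problems = []
    banned = SAMPLE_WORDS | {username.lower()} | set(real_name.lower().split())
    banned.discard("")
    hits = candidates(password) & banned
    if hits:
        problems.append("built from a guessable word or name: " + ", ".join(sorted(hits)))
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # Assumed threshold: at least three of the four character classes.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("uses fewer than 3 of: lowercase, uppercase, digits, symbols")
    return problems

if __name__ == "__main__":
    for pw in ["password1", "5jim", "Drowssap", "jimjim", "Passw0rd", "tR7#vq!Lm2x"]:
        print(pw, "->", check_password(pw) or "ok")
```
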
http://www.stuff.co.nz/technology/digital-living/3255140/Hacking-easy-as-abc123
Check out this website to test how secure your password is:
http://www.microsoft.com/canada/athome/security/privacy/password_checker.mspx



