5 tips to create strong passwords

5 tips to create strong passwords

Summary: Employees can be conscientious in protecting enterprise IT integrity by using simple, secure steps to generate strong passwords, says executive.

SHARE:

Enterprises looking to maintain IT infrastructure integrity and deter hackers from attacking employees' passwords, can tap software and simple guidelines to generate secure passwords, according to a security specialist.

Ronnie Ng, Symantec's manager of systems engineering in Singapore and Indonesia, noted that there are systems and configuration management software, which include components and policies that allow IT administrators to enforce strong password guidelines within the organization.

Recent security incidents have stepped up the need for robust secret code. Last month, 20,000 passwords obtained from a phishing scam turned up on a third-party Web site, revealing login credentials to Windows Live Hotmail, Gmail and Yahoo Mail accounts, among others. A subsequent analysis of the compromised passwords revealed that many users were tardy in creating secure passwords.

Viruses such as Conficker and Gumblar, have already attacked the IT infrastructure of organizations such as the Australia and New Zealand Banking Group.

With these in mind, here are five considerations to strengthen passwords and the password-generating process, for both work and play.

  • Use tools that automatically generate random passwords
    IT professionals, Symantec's Ng noted, should make use of business software that allow the automatic generation of random passwords based on a fixed schedule.

    "So even if a certain password somehow becomes compromised, it will only be good until the randomization expires, and it will only apply to [a] particular computer," said Ng.

  • Use alphanumeric characters and unique symbols to create stronger passwords
    Alphanumeric characters with a mixture of upper and lower case letters, numbers and symbols, will make it tough for hackers to crack. Employing this approach will make passwords "as meaningless and random as possible", according to Ng.

    Tech author and columnist J.D. Biersdorfer, noted in a video for the New York Times that such characters and symbols should also be worked into the answers of your challenge questions.

  • Instead of mnemonics, try a 'pass-phrase'
    Researchers at the Carnegie Mellon University in the United States have found out that using mnemonics, which require users to generate a password using the first letter of every word in a sentence, are not as secure as initially thought.

    According to a Newsweek article, 144 volunteers were each asked to create a mnemonic password in a study conducted in 2006. The researchers then built a simple program to scour the Web for famous quotes, ad slogans, song lyrics and nursery rhymes, amassing 249,000 entries. Using this list, which is a relatively small universe of phrases in the security field, the researchers cracked 4 percent of the group's mnemonic passwords, proving that this method has its fallibility.

    Far more secure are pass-phrases such as "du-bi-du-bi-dub", which would withstand a brute force attack--in which a hacker attempts "a," then "ab", then "abc", and so on--for "531,855,448,467 years", according to the report. So think long, but easy to remember phrases, the next time you generate a password.

  • Change passwords periodically
    According to Symantec's Ng, organizations should incorporate system prompts to alert employees to change their password every 45 to 60 days. Frequent password changes result in higher security, making it more difficult for intruders to access company data using outdated passwords. "But do strike a balance as overly frequent changes may hinder productivity," he noted.
  • Avoid generating passwords using personal information
    Internet users have a common headache: there are too many passwords to remember. Today, with Web-based email programs, Internet banking accounts, instant messaging tools, and corporate office computers among some of the more common systems or equipment requiring a password to authenticate entry, it is hard work for users to remember all their passwords.

    However, users should not base passwords on the convenience of their personal information, Ng pointed out. Such data include names, nicknames and birth dates.

    Former Governor of Alaska in the U.S., Sarah Palin, is a cautionary tale. Last year, her personal e-mail account was hacked into by a student, who simply searched the Web to find out Palin's birth date, postal code and where she had met her husband to crack her security code.

Topics: IT Employment, CXO, Security, SMBs

Kevin Kwang

About Kevin Kwang

A Singapore-based freelance IT writer, Kevin made the move from custom publishing focusing on travel and lifestyle to the ever-changing, jargon-filled world of IT and biz tech reporting, and considered this somewhat a leap of faith. Since then, he has covered a myriad of beats including security, mobile communications, and cloud computing.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • 5 tips to create strong passwords

    Nice tips! For my comfort and saving time, I am using Sticky Password Manager - it also includes password generator, which creates strong passwords. And there are many password manager tools on the market.

    http://www.stickypassword.com
    anonymous
  • wonderful article,but if you forget admin password or lost admin password?
    there is a popular solution for those who have been locked out by computer. For this solution, what you need id a second computer that can link to Internet ,Google Windows Password Recovery 6.0 for password recovery. Download and install the software on that computer.
    With Windows Password Recovery 6.0, you can create a reset CD which can be multiple used to reset windows admin password without erasing anything.
    Maggiechen1988