Enterprises looking to maintain IT infrastructure integrity and deter hackers from attacking employees' passwords can tap software and simple guidelines to generate secure passwords, according to a security specialist.
Ronnie Ng, Symantec's manager of systems engineering in Singapore and Indonesia, noted that there is systems and configuration management software that includes components and policies allowing IT administrators to enforce strong password guidelines within the organization.
Recent security incidents have heightened the need for robust passwords. Last month, 20,000 passwords obtained from a phishing scam turned up on a third-party Web site, revealing login credentials to Windows Live Hotmail, Gmail and Yahoo Mail accounts, among others. A subsequent analysis of the compromised passwords revealed that many users were lax about creating secure passwords.
Viruses such as Conficker and Gumblar have already attacked the IT infrastructure of organizations such as the Australia and New Zealand Banking Group.
With these in mind, here are five considerations to strengthen passwords and the password-generating process, for both work and play.
"So even if a certain password somehow becomes compromised, it will only be good until the randomization expires, and it will only apply to [a] particular computer," said Ng.
Tech author and columnist J.D. Biersdorfer noted in a video for the New York Times that such characters and symbols should also be worked into the answers of your challenge questions.
According to a Newsweek article, 144 volunteers were each asked to create a mnemonic password in a study conducted in 2006. The researchers then built a simple program to scour the Web for famous quotes, ad slogans, song lyrics and nursery rhymes, amassing 249,000 entries. Using this list, which is a relatively small universe of phrases in the security field, the researchers cracked 4 percent of the group's mnemonic passwords, showing that this method is fallible.
Far more secure are pass-phrases such as "du-bi-du-bi-dub", which would withstand a brute force attack--in which a hacker attempts "a", then "ab", then "abc", and so on--for "531,855,448,467 years", according to the report. So think of long but easy-to-remember phrases the next time you generate a password.
However, users should not base passwords on their personal information for the sake of convenience, Ng pointed out. Such data include names, nicknames and birth dates.
Sarah Palin, former governor of the U.S. state of Alaska, is a cautionary tale. Last year, her personal e-mail account was hacked into by a student, who simply searched the Web to find out Palin's birth date, postal code and where she had met her husband to crack her security code.