Creating a Secure Password - EiS Kent
IT Security
Creating a Secure Password
Best Practice for Staff
Updated for 2013
The role that passwords play in securing a network and its data can often be underestimated and overlooked. Passwords provide the first line of defence against unauthorized access.
Creating a strong password
‘Weak’ passwords can provide unauthorised users with easy access to the network and your files, while strong or complex passwords are considerably harder to crack, even with the password-cracking software that is available today. Password-cracking tools continue to improve, and the computers used to crack passwords are more powerful than ever. Password-cracking software often uses one of three approaches:
• Intelligent guessing
• Dictionary attacks
• Brute-force automated attacks that try every possible combination of characters
Given enough time, the automated method can crack any password. However, strong passwords are much harder to crack, and therefore take more time, than weak passwords. A secure network has strong passwords for all user accounts.
A weak password:
• Is no password at all
• Contains your user name, real name, company name or any personal information
• Contains a complete dictionary word. For example, Password is a weak password
A strong password:
• Is at least eight characters long
• Does not contain your user name, real name, company name or any personal information
• Does not contain a complete dictionary word
• Is significantly different from previous passwords. Passwords that increment (Password1, Password2, Password3 ...) are not strong
• Is alphanumeric (contains letters, numbers and symbols)
A password can meet most of the criteria to be a strong password but can still be rather weak. For example, Hello2U! is a relatively weak password even though it meets most of the criteria for a strong password. H!elZl2o is a strong password because the dictionary word is interspersed with symbols, numbers and other letters.
Creating and remembering a strong password may seem daunting at first; however, there are several methods that can make creating and remembering a strong password easier.
For example, the first letters of an easy-to-remember sentence or phrase can be used to form a password:
“I have a rabbit called Dennis who likes to eat carrots”
The password would then be: Iharcdwltec
This is much easier to remember and type because you can think of the sentence as you type. Although the password meets some of the strong password criteria, it still lacks numeric characters and a mixture of upper and lower case letters. These can be added into the password very easily.
The rabbit's name in a normal sentence should be capitalised, so this could be included in the password. The word “to” could also be replaced with the number 2, and an exclamation mark added at the end just for fun.
The password after these additions would then be: iharcDwl2ec!
This is now a strong password that is easy to remember and type.
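
The strong-password criteria listed above, applied to the leaflet's own example passwords, as an added example that is not part of the original leaflet. The sample word list, the four-letter minimum for dictionary words and the function names are assumptions made for illustration.

```python
import re

# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "hello", "rabbit", "dennis", "carrots", "qwerty"}
MIN_WORD_LEN = 4  # assumption (not from the leaflet): ignore very short words

def stem(text):
    """Lower-case the text and drop trailing digits (Password1 -> password)."""
    return re.sub(r"\d+$", "", text.lower())

def weaknesses(password, personal=(), previous=(), words=SAMPLE_WORDS):
    """Return the leaflet criteria that `password` fails; [] means it passes."""
    found = []
    lower = password.lower()
    if len(password) < 8:
        found.append("shorter than eight characters")
    if any(p and p.lower() in lower for p in personal):
        found.append("contains personal information")
    if any(len(w) >= MIN_WORD_LEN and w in lower for w in words):
        found.append("contains a complete dictionary word")
    if any(stem(old) == stem(password) for old in previous):
        found.append("only increments a previous password")
    classes = (r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        found.append("missing letters, numbers or symbols")
    return found

if __name__ == "__main__":
    # The passwords below are the examples quoted in the leaflet.
    for candidate in ("Hello2U!", "H!elZl2o", "Iharcdwltec", "iharcDwl2ec!"):
        print(candidate, "->", weaknesses(candidate) or "passes")
    print("Password2 ->", weaknesses("Password2", previous=["Password1"]))
```
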
Keeping your password strong<br />
The most secure passwords in the world can also become the most insecure passwords if they are not “maintained”. Following the guidance below will help to ensure your password is not compromised.
• A password that is written down anywhere is not secure; if you have to write a password down to remember it, then it is not suitable – create a new one.
• Try to avoid using the same password for everything, as this makes several accounts vulnerable if one is “hacked”. Imagine if your car key also unlocked your house.
• Avoid using the save password option in applications or browsers. DO NOT write a password on sticky notes, desk blotters, calendars, or store it online where it can be accessed by others.
• Do not use any part of your name: first, middle or last! Definitely do not use names of your children or pets.
• Do not use other information easily obtained about you. This includes pet names, car license plate numbers, telephone numbers, identification numbers, important dates, the make of your car, the name of the street you live on and so on. Such passwords are very easily guessed by someone who knows the user.
• Do not use keyboard sequences, e.g. qwerty.
• Do not use the original password given out when your account was set up.
• Do not share your password with others, no matter what the circumstances are, and DO NOT let anyone use your account or use that of others.
• All passwords should be changed regularly, and in certain circumstances more often. For example, if you frequently use untrusted devices or networks, where the password could be captured by a key logger etc., or if you work around children with prying eyes, your password should be changed more frequently.
• Learn to type your password quickly so it’s harder for others to see what keys are being pressed.
Our passion in EiS Kent is to make a real difference in education and ultimately children's lives by providing innovative solutions and outstanding support services.
www.eiskent.co.uk
info@eis.kent.gov.uk
Tel: 0300 065 8800
Fax: 01622 663591
EiS Kent
The Shepway Centre
Oxford Road
Maidstone, Kent
ME15 8AW