Step 5: Use strong passwords

Strong locks and burglar alarms help keep intruders out of your place of business. Strong computer passwords help keep intruders from knowing your business. Both are extremely important. Yet all too often businesses invest in state-of-the-art burglar systems for their physical space -- and use passwords a child could crack to protect sensitive business documents.



A strong password should:

Be at least eight characters long -- and the longer the better

Include a combination of lower and upper case letters, numbers and symbols

Be changed at least every 90 days and, when changed, be significantly different from previous passwords


Following these guidelines, a strong password might be:
J*p2le04>F

Trouble Remembering a Strong Password?

In Windows 2000 and XP, you can use a pass-phrase, such as "I had 5 chicken tacos for lunch."

Pick a phrase and use only the first character of every word, such as Msi5Yold!
(My son is 5-years-old!)

Take short, simple words and link them with numbers and symbols, as in Tree+34+Pond


Why Your Business is at Risk

Most small businesses use passwords to authenticate identity -- whether on computers or cash registers or alarm systems. While there are more sophisticated authentication options -- for instance, smart cards and fingerprint or iris scans -- passwords are most common because they are easy to use.

They're also easily misused. Computer-savvy crooks have automated tools that help them come up with simple passwords in mere minutes. Other devious sorts may use fraud to get employees to divulge passwords.

But all too often, the bad guys (and office snoops) get a free ride:

Sensitive information is not password-protected, allowing anyone to walk up to an unsecured computer and log on

Passwords are weak and/or never changed

Passwords are written on a sticky note and posted right next to a computer


Basic Steps You Can Take

Educate your staff about the importance of passwords. They should regard their password the same way they would an office key, meaning: Don't leave it lying around and don't share it. They also need to know what makes a weak password. Chances are at least a few of them will recognize the error of their ways in the following list.

You've got a weak, easy-to-guess password if you use:

Your real name, username or company name

A common word, which makes you vulnerable to "dictionary attacks"

Common passwords, such as "password," "letmein" or "1,2,3,4"

Commonly known letter substitutions, such as replacing 'i' with '!' or 's' with '$' or 'o' with '0' -- if it makes sense to you, it will to a password cracker

A password that someone else knows
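
The checks in the list above can be automated when a password is set. The following is an added example, not part of the original guidance: it undoes the common substitutions before the word-list lookup, which is why "P@$$w0rd1" fails. The word list, the extra substitutions, and the identity terms "Contoso" and "jsmith" are constructed assumptions.

```python
import re

# Constructed stand-in for a real word list and common-password list (assumption).
WEAK_WORDS = {"password", "letmein", "1234", "sunshine", "welcome", "dragon"}

# Undo the substitutions the page names ('!' for i, '$' for s, '0' for o) plus a
# few other widely known ones (assumption) before looking the word up.
UNLEET = str.maketrans({"!": "i", "1": "i", "$": "s", "5": "s",
                        "0": "o", "@": "a", "3": "e"})
EDGE_JUNK = re.compile(r"^[^a-z]+|[^a-z]+$")  # digits/symbols padded on the ends
CLASSES = {"lower-case letter": r"[a-z]", "upper-case letter": r"[A-Z]",
           "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}


def candidates(password):
    """Forms of the password that an automated guessing tool would also cover."""
    low = password.lower()
    core = EDGE_JUNK.sub("", low)
    return {low, core, low.translate(UNLEET), core.translate(UNLEET)}


def check_password(password, identity_terms=()):
    """Return the reasons a password is weak; an empty list means none found."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    missing = [name for name, pat in CLASSES.items() if not re.search(pat, password)]
    if missing:
        problems.append("no " + ", ".join(missing))
    forms = candidates(password)
    if forms & WEAK_WORDS:
        problems.append("common word or password, even with substitutions")
    terms = [t.lower() for t in identity_terms if t]
    if any(t in form for t in terms for form in forms):
        problems.append("contains a real name, username or company name")
    return problems


if __name__ == "__main__":
    # Constructed inputs; "Contoso" and "jsmith" are hypothetical identity terms.
    for pw in ["J*p2le04>F", "P@$$w0rd1", "letmein", "C0nt0so!2024"]:
        print(pw, "->", check_password(pw, ("Contoso", "jsmith")) or "no problems found")
```

An empty result only means none of these checks fired; it cannot detect a password that someone else already knows.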

