How secure is your password?

Published: 16 February 2006

More and more of our day-to-day activities are relying on passwords. Logging into your computer, accessing the company network, doing your online banking, even getting hold of your e-mail can require a password these days. With so many passwords it’s hard to stay creative, but by letting your standards slip you open the door to unwanted visitors.

The risk

If a hacker gets hold of your password then they can pretty much do anything. They can access your private information, steal and change your data, spend your money, and even worse, pretend to be you! And with a valid password they can do this without detection. So, do you really want to risk all this because you couldn’t come up with a strong password?

What makes a password weak?

A lack of creativity.
A survey carried out at Waterloo Station last year found that the most common password used by office workers was “password” (16%), followed by the employee’s own name (12%), their football team (11%), and then date of birth (8%). Such passwords are all too easy to guess with a little background knowledge and effort; something a hacker will be all too willing to do to reap the rewards.

Commonplace dictionary words.
These should be avoided so that sophisticated software can’t guess them easily (it does this by rapidly guessing common words, even testing foreign words and ones spelled backwards). Using a dictionary word means that a hacker has to put even less effort into trying to get your password!

Recycled passwords
(e.g. “Password1”, “Password2” etc.) or ones that are not changed regularly lose their strength too, so be imaginative and remember when you last changed them to keep them fresh and strong.

Creating a strong password

Good passwords don’t actually have to be words at all.
They can be a combination of letters, numbers, and keyboard symbols (i.e. ! “ £ $ % ^ & * ( ) _ + [ ] { } ; ‘ # : @ ~ \), and this combination can form a word or words in your head to make it easier to remember. Using a mixture of upper and lower case letters will also add to the variation and overall complexity of the password and therefore improve its strength.

For example, instead of having “hackerproof” you could have “HacK3rPr00f”. This may seem complicated to start with, but you’ll soon get used to the tricks and changes you make to the words, and gain the benefits in the long run.

Use phrases to help come up with good passwords.
For example, take the phrase “This is what I’m going to use to beat the hackers” and take the first letter from each word to come up with “tiwigtutbth”. Add some upper and lower case letters, a symbol, and a number (e.g. “TiwiG1utBth@”) and you have a strong password. Be careful not to make it too complicated though as you’ll have to remember it, and definitely don’t write it down anywhere!

Create long passwords.
Passwords should be at least 8 characters long, as longer passwords are more resilient to attack. The more characters a password is made up of, the more variations there will be, and the harder it will be to break.
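
The checks from this section and from “What makes a password weak?”, written as an added example that is not part of the original article: it flags short passwords, dictionary words (forwards or backwards), the “Password1”/“Password2” pattern and low character variety, and counts the variations an exhaustive search would face. The sample word list, the three-class threshold and all function names are assumptions made for illustration.

```python
import string

# Constructed sample list (assumption); a real check would load a full
# dictionary plus a list of commonly used passwords.
SAMPLE_WORDS = {"password", "hacker", "football", "welcome"}
MIN_LENGTH = 8      # minimum length given in the article
MIN_CLASSES = 3     # assumption: the article sets no exact threshold


def char_classes(password):
    """Which of lower, upper, digit, symbol appear in the password."""
    return [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]


def variations(password):
    """Candidates an exhaustive search must cover for this length and mix."""
    sizes = [26, 26, 10, len(string.punctuation)]  # 32 ASCII symbols
    pool = sum(n for n, used in zip(sizes, char_classes(password)) if used)
    return pool ** len(password)


def findings(password, words=SAMPLE_WORDS):
    """Return codes for the weaknesses the article describes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    lowered = password.lower()
    core = lowered.rstrip(string.digits)  # drop a trailing counter ("1", "2")
    if core in words or core[::-1] in words:
        problems.append("dictionary_word")  # forwards or spelled backwards
        if core != lowered:
            problems.append("recycled_counter")  # e.g. Password1, Password2
    if sum(char_classes(password)) < MIN_CLASSES:
        problems.append("low_variety")
    return problems


if __name__ == "__main__":
    for pw in ["password", "Password2", "drowssap", "tiwigtutbth", "TiwiG1utBth@"]:
        print(f"{pw!r}: {findings(pw) or 'no findings'}, {variations(pw):.2e} variations")
```
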

Good password management

Even if you have the ultimate, hacker-proof password it won’t mean a thing if you don’t look after it properly or it falls into the wrong hands. The following steps may sound obvious, but it is surprising (and alarming) how many people don’t actually follow these good practices:

Never disclose your password to anyone.
Recent surveys have shown that up to 75% of a workforce will know a colleague’s password, and two thirds are willing to disclose theirs to a co-worker. Remember, a hacker can be someone you work with!

Use different passwords for different services.
Don’t get lazy and use the same password for everything. One slip up and you’ve granted a hacker access to the whole lot; from your online banking to your company access.

Don’t write passwords down.

Don’t send your password by e-mail.

Change your password regularly.

If you think someone knows your password, change it immediately.

Staying safe

Making these simple adaptations to your passwords and the way you create them may take a little while to get used to, but the benefits to you, your computer, and your company are endless. The better the password the better protected you and your information are, and with ongoing password updates and changes you can keep one step ahead of the game.

