What Makes a Good Password?

By Daniel Gottilla

The passwords you and your employees choose may be the single most important piece of your basic system security, but how much effort is put into them?

  • Are they easy to guess?
  • Hard to remember?
  • How often are they changed, and are they different for each application?

All of these are important questions to ask when reassessing your password selection.

Think of your passwords like the goalie at a hockey game. A great one keeps all of the pucks out, and a poor one allows anyone who tries hard enough access to your systems. The first thing you should do is make sure every person has their own passwords. That’s pretty basic, but if passwords are shared, it can be pretty hard to track down who is doing what in the system.

Make sure all passwords have at least eight characters, that they are alphanumeric, case sensitive, and also easy to remember. Easy to remember is really the clincher here. You don’t want to have to write them down, because then the note can be found, but if a password is too easy, anyone could guess it. One idea is to take a random word and manipulate it. "Elephant" is easy to remember, and if you change it to "E13phan7", you have a password that’s both hard to crack and easy to remember.

Of course, to keep the puck out of the goal, you have to give your goalie a break from time to time. In the same way, you should change your passwords often and use a new one for each account and application. That way, if one is compromised, it will change soon regardless, and no one will be able to access any system beyond the one they have the password for.
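As an added illustration (not part of the original article), the Python example below audits a list of accounts against the rules above: eight or more characters, letters and digits, mixed case, no reuse across accounts, and regular rotation. The 90-day limit, the function names and the sample entries are assumptions made for the example; the article only says to change passwords often.

```python
from datetime import date

MIN_LENGTH = 8      # from the article: at least eight characters
MAX_AGE_DAYS = 90   # assumption: the article says "often" without a number


def rule_failures(password):
    """Return the article's composition rules that this password fails."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 8 characters")
    # "alphanumeric" is read here as: contains both letters and digits
    if not (any(c.isalpha() for c in password) and any(c.isdigit() for c in password)):
        failures.append("needs both letters and digits")
    # "case sensitive" is read here as: mixes upper and lower case
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        failures.append("needs both upper and lower case")
    return failures


def audit(entries, today):
    """entries: (account, password, last_changed) tuples.
    Returns {account: [findings]} for every account with a finding."""
    owners = {}
    for account, password, _ in entries:
        owners.setdefault(password, []).append(account)
    report = {}
    for account, password, changed in entries:
        findings = rule_failures(password)
        shared = sorted(a for a in owners[password] if a != account)
        if shared:
            findings.append("reused on: " + ", ".join(shared))
        if (today - changed).days > MAX_AGE_DAYS:
            findings.append("older than %d days" % MAX_AGE_DAYS)
        if findings:
            report[account] = findings
    return report


# Constructed sample entries, for illustration only
SAMPLE = [
    ("email", "E13phan7", date(2024, 5, 1)),
    ("payroll", "E13phan7", date(2024, 5, 1)),   # same password as email
    ("crm", "elephant", date(2023, 11, 1)),      # unmodified word, stale
    ("vpn", "Gir4ff3Tall", date(2024, 4, 20)),
]

if __name__ == "__main__":
    for account, findings in audit(SAMPLE, date(2024, 6, 1)).items():
        print(account, "->", "; ".join(findings))
```

The article's own "E13phan7" passes every composition rule yet is still flagged when it appears on two accounts, which is why the reuse check has to run alongside the per-password checks.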

It may seem like a lot of effort, but keeping passwords safe keeps the goalie in the game and keeps your opponent from scoring.
