Hack & Attacks

Creating Strong Passwords


Passwords are an important aspect of computer security because they are the front-line protection for user accounts. One individual's poorly chosen password may cause our entire network to be compromised. Thus, employees at RSSP are expected to follow these guidelines when selecting their passwords and keeping them secure.

Poor Passwords

Poor passwords usually have the following characteristics:

  1. The password contains fewer than eight characters
  2. The password is a word found in a dictionary (English or foreign)
  3. The password is a common usage word such as:
  • Names of family, pets, friends, co-workers, fantasy characters, etc.
  • Computer terms and names, commands, sites, companies, hardware, software.
  • Phone numbers and other personal information such as addresses and dates of birth
  • Word or number patterns like (aaabbb, qwerty, zyxwvuts, 123321, etc.)
  • Any of the above spelled backwards.
  • Any of the above preceded or followed by a digit (user1, password123)
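
The characteristics listed above can be checked mechanically when a password is chosen. The following is an added example, not part of the original guidelines: the word list is a small constructed sample, and the names `WORDLIST`, `is_pattern` and `poor_password_reasons` are hypothetical. An empty result only means none of these listed characteristics matched.

```python
import re

# Constructed sample list; a real check would load full dictionaries plus
# names, computer terms and site-specific words.
WORDLIST = {"password", "user", "dragon", "berkeley", "letmein"}
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
        "abcdefghijklmnopqrstuvwxyz")

def is_pattern(s):
    """Keyboard/alphabet run, repeated-character runs, or mirrored digits."""
    if len(s) < 4:
        return False
    run = any(s in row or s in row[::-1] for row in ROWS)   # qwerty, zyxwvuts
    repeats = re.fullmatch(r"(?:(.)\1+)+", s) is not None   # aaabbb
    mirrored = s.isdigit() and s == s[::-1]                 # 123321
    return run or repeats or mirrored

def poor_password_reasons(password, wordlist=WORDLIST):
    """Return the 'poor password' characteristics that apply, in list order."""
    reasons = []
    if len(password) < 8:
        reasons.append("fewer than eight characters")
    lowered = password.lower()
    core = lowered.strip("0123456789")  # same string without digit prefix/suffix
    for cand in dict.fromkeys((lowered, core)):  # de-duplicated, order kept
        found = []
        if cand in wordlist:
            found.append("dictionary or common word")
        elif cand[::-1] in wordlist:
            found.append("word spelled backwards")
        if is_pattern(cand):
            found.append("word or number pattern")
        if found and cand != lowered:
            found.append("preceded or followed by a digit")
        reasons += [r for r in found if r not in reasons]
    return reasons

if __name__ == "__main__":
    for pw in ("user1", "password123", "drowssap", "zyxwvuts", "Ohmy1stubbedmyt0e"):
        print(pw, "->", poor_password_reasons(pw) or "no listed weakness found")
```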

Good Passwords

Good passwords usually have the following characteristics:

  1. Contain both upper and lower case characters (a-z and A-Z).
  2. Have digits and punctuation characters as well as letters (0-9, ! @ # $ % ^ & * ( ) _ + | ~ - = ` { } [ ] : " ; ' < > ? . /).
  3. Are at least ten alphanumeric characters long and form a passphrase (Ohmy1stubbedmyt0e).
  4. Are not words in any language (boozeeo, reekoraz, solahyo, supershaino, etc.).
  5. Are not based on personal information (names of family, fantasy characters, actresses, etc.).
  6. Are not written down somewhere or stored online.
  7. Are easy for the user to remember and hard for an outsider to guess. One way to do this is to create a password based on a song title, affirmation, or other phrase. For example, the phrase might be: “This May Be One Way To Remember” and the password could be: “TmB1w2R!” or “Tmb1W>r~” or some other variation.
  8. Use good antivirus or Internet security software (Kaspersky, Bitdefender, Avast) and protect your passwords.

Securing Passwords

Here are some general good practices for securing your passwords:

  1. Use a password manager (LastPass) and a master password (Firefox).
  2. It is recommended that “normal use” passwords (email, web, desktop computer, etc.) be changed at least every six months or even more often.
  3. Do not use the same password for UC Berkeley accounts as for other non-Berkeley access (personal ISP account, Gmail, online banking, etc.).
  4. Where possible, have separate passwords for work-related access needs (one for email and another for Facebook).
  5. Do not share work-related passwords with anyone, including administrative assistants, secretaries, or family. All passwords are to be treated as sensitive, confidential UC Berkeley information.

Here is a list of “Don’ts”:

  1. Don’t reveal a password over the phone to anyone.
  2. Don’t reveal a password in an email message.
  3. Don’t reveal a password to friends.
  4. Don’t talk about a password in front of others or hint at the format of a password. (“my family name” “my pet name”)
  5. Don’t reveal a password on questionnaires or security forms
  6. Don’t share a password with family members
  7. Don’t reveal a password to co-workers while on vacation
  8. Don’t use the “Remember Password” feature of applications (Firefox, Google Chrome, Opera). If you choose to use that feature, make sure to use a master password that is more secure to lock the applications.
  9. Don’t write passwords down and store them anywhere in your place.
  10. Don’t store passwords in a file on any computer system without encryption.

Password cracking or guessing may be performed on a periodic or random basis by InfoSec or its delegates. If a password is guessed or cracked during one of these scans, the user will be required to change it.

Related Articles

  1. What is Keyloggers – Explained by Shamran Nawaz
  2. LastPass – An Online Password Manager by Irfad Razik
  3. How to Protect your Firefox Profile by Irfad Razik
  4. What is Spyware – Explained by Shamran Nawaz
  5. What is a Malware – Explained by Shamran Nawaz

 

 

