Passwords

I am generally concerned with the use of very simple passwords that I come across regularly.

I recently ran a password cracking tool over all passwords in one workplace to get a feel for how secure their passwords were. The results were not ideal considering there were fewer than 70 staff.

  • 19 passwords were found within 1 second;
  • 40 within 30 seconds;
  • 52 within 60 seconds;
  • 55 within 3 minutes.

Passwords discovered (apart from the ones which were the user's own name) included:

  • abc123
  • surfer
  • thursday
  • fuel01
  • bulldogs
  • password
  • pink01
  • gold65
  • mushroom

And the list goes on. If you recognise any of these passwords as similar to your own, you should recognise why there is a need to make passwords a bit more secure. Sometimes the people with the extremely simple passwords have remote VPN access directly into the work network, which is a massive security issue and puts the entire network at risk.

There are great security differences between a non-secure password (e.g. apple12) and a (more) secure password (ApP!e1@).

You need to make up a password you can remember. Use a pass-phrase to help, and use a combination of upper and lower case, numbers and special characters. Use substitute characters, e.g. use 1 instead of i. If you normally have two numbers at the end of your password, randomly substitute the number's special character, e.g. instead of 24, use @4 or 2$. I don't want to make this so hard you end up writing down your password and sticking it on your screen so you get it right, as this kind of defeats the purpose.

An example of a strong complex password is M2dn@saR3x, which could be remembered with the pass-phrase – “my two dogs names are spot and rex” or “M(y) 2 d(ogs) n(ames) @(re) s(pot) a(nd) R3x”.

Your password protects your IT: the longer and more complex, the better. Security-paranoid people recommend 20 characters or more but, in reality, make sure they are a minimum of 8 characters long and as varied as possible, and change them regularly (a few times per year or more often).
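
As an added example (not part of the original post), the Python check below applies the rules described above to a candidate password: the 8-character minimum, the mix of character classes, and the weak patterns found in the audit (the user's own name, a listed common password, a word followed only by digits). The function name, the deny-list built from the passwords quoted above, and the sample user name `jsmith` are constructed for illustration, and reading the advice as "all four character classes" is an assumption.

```python
import re

# Constructed deny-list: the weak passwords quoted in the post.
COMMON = {"abc123", "surfer", "thursday", "fuel01", "bulldogs",
          "password", "pink01", "gold65", "mushroom"}
MIN_LENGTH = 8  # the post's stated minimum


def password_problems(password, username=""):
    """Return the reasons a password is weak; an empty list means it passes."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # The audit found passwords that were simply the user's own name.
    if username and username.lower() in lowered:
        problems.append("contains user name")
    if lowered in COMMON:
        problems.append("common password")
    # Letters followed only by digits, e.g. fuel01, pink01, apple12.
    if re.fullmatch(r"[a-z]+\d*", lowered):
        problems.append("word plus digits")

    # Assumption: "combination" means all four classes must be present.
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < 4:
        problems.append("missing a character class")
    return problems


if __name__ == "__main__":
    # Constructed sample run over passwords mentioned in the post.
    for candidate in ("apple12", "thursday", "ApP!e1@", "M2dn@saR3x"):
        found = password_problems(candidate, username="jsmith")
        print(f"{candidate:12} {'OK' if not found else ', '.join(found)}")
```

Run over the post's own examples, M2dn@saR3x passes every check, while ApP!e1@ has all four character classes but is 7 characters long, one short of the 8-character minimum.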

Posted in: Business, Security