My husband works in a supervisory capacity in a manufacturing shop. Most of their day-to-day production tracking requires spreadsheets and other computerized reporting tools. He was never issued a password and neither was his boss, so for years both used the passwords of other employees. It didn’t take long before both men realized that the passwords for almost every machine operator, engineer and office worker in the whole shop had passwords that were simply their first names.
My husband is not malicious, but if he had been, he could have logged in anywhere using almost anyone’s password, and changed, deleted or otherwise mangled any report he wanted to. His shop has since changed their reporting procedures, and now require universal access. This situation seems worse: All the shop workers have one access code, while all the supervisors have another, and they are so simple and obvious it would take no effort to guess what they were.
You’ve likely spent years building your business, and secure access is at the frontline of your defenses against hackers or begrudged employees who might want to be destructive. Choosing effective passwords takes a little creativity. It does make them a bit harder to remember, but if creating a unique password helps stop someone from breaking into your accounts, you’ll be ever so glad you made the effort.
- When creating a good password, don’t use words that can be found in a dictionary. Password-guessing programs can simply run through common letter combinations automatically.
- Make each password unique. Hackers know people re-use passwords, so if someone is able to guess a low-level password, they will use it to try to gain access elsewhere. Don’t use your Facebook password for your online banking and PayPal accounts.
- Longer is better. Use at least eight characters.
- Avoid keyboard patterns (qwerty) or sequential numbers (4567), and don’t repeat (1122).
- Strengthen passwords by mixing capital and lowercase letters, using numbers and punctuation marks, and using substitutions, like the number zero for the letter ‘O’.
- Acronyms are good, but don’t use anything obvious like the initials of your name. Create one from something you personally enjoy, for instance, “i love home made cinnamon rolls!” would become “ilhmcr!“. (That is simply an example. I don’t really love home made cinnamon rolls that much.)
- Avoid obvious things like your birthday, phone number, or pet’s name.
- Fun ways to make passwords easier to remember: Pick a phrase and eliminate the vowels, such as “sit on the porch” would become “stnthprch.” Combine words, such as “tooth pick” morphing into “tpoioctkh“. Pick a word, then use the letter to the left of each letter in the alphabet: “shiver” = “rghudq”
Once passwords are created, keep ‘em safe.
- Never tell another employee your password. If you must share occasionally, reset your password later.
- Never write down your password, sticky-note it on your computer, or slip it in your desk drawer.
- Log off when your computer is not in use, or lock your computer at night.
Many companies offer password storage, so if you don’t have a mind of steel and the number of passwords you are using gets to be overwhelming, this could be a good option. I’m almost at that point myself!
Posted on October 6th, 2007 by Vanessa
Filed under: Security
One good strategy is to use a password management program that stores passwords in encrypted format on your desktop machine. Here is an example of one: http://keepass.info/
Another good strategy for guaranteeing strong passwords is to use PassPub to generate unique passwords.
PassPub spares you all the complex password generation rules and creates passwords based on memorable formats.
Hope this is of interest.
Martin Wright
PassPub - Strong Passwords, Uniquely Generated