You have probably heard stories from your grandparents or your older neighbors of how it used to be, when people could leave their homes open and unlocked and trust them to remain unmolested.
Those days are long gone now, and people are locking their doors, installing security systems, living in gated communities, and even covering their doors and windows with iron bars.
The same is true in the world of technology. The days are long past when a five- or six-letter word sufficed to keep personal information safe: headlines are replete with instances of identity theft and stories of hackers compromising retail giants' databases, resulting in thousands if not millions of stolen credit and debit card numbers and PINs.
Last year, hackers leaked to the world millions of email addresses and passwords from one major software developer’s database.
In fact, in looking back, as one article put it, 2013 was a very hacked year.
Basically, a simple password is no longer good enough. To go back to the locked door analogy, “It’s like a half-opened screen door,” said Robert Taylor, Senior Network Architect for the IT division of Oklahoma City-based office technology solution provider R.K. Black, Inc.
So how does one create a password with security like that of not just a closed and locked door, but a bank-vault door?
According to Taylor, when you are formulating your password, make it:
- A minimum of eight characters — those characters including one symbol, one uppercase letter, one lowercase letter and a number. You can swap letters with numbers and vice versa, for example substituting “s” with “5” or “$”, “e” with “3”, or “a” with “4”.
- A phrase or sentence — A passphrase, if you will. Your Labrador retriever’s name “Shadow” doesn’t work anymore. Try something like: “5had0w$B4dbr3ath”.
- Sunset after 90 days — This forces you to remember it rather than forget it, as is easy when you use the same password for 2 or 3 years. It also makes your password more of a moving target.
- Unique to the user and to the login — Don’t use the same password for multiple logins and don’t let everybody in your office use the same password. If the wrong person gets the password, they will be able to access everything, and,
- Free of the user name or parts of the user’s full name — Using John Smith's name or user name just makes his password “Smith123” easy to guess.
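The length, character, name and 90-day rules in the list above can be checked mechanically. The following Python is an added example, not code from the article or from R.K. Black; the function names, the `jsmith` user name, the three-character minimum for name parts, and undoing the article's letter substitutions before the name check are assumptions of this example.

```python
from datetime import date

# Substitutions that appear in the article, undone so a disguised name is still caught.
LEET = str.maketrans({"5": "s", "$": "s", "3": "e", "4": "a", "0": "o"})
MIN_LENGTH = 8
MAX_AGE_DAYS = 90


def name_parts(username, full_name):
    """Lower-cased user name and name tokens of 3+ characters (assumed cut-off)."""
    tokens = [username] + full_name.split()
    return {t.lower() for t in tokens if len(t) >= 3}


def check_password(password, username, full_name, last_changed, today):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    # Compare both the raw and the de-substituted form against the name parts.
    lowered = password.lower()
    candidates = (lowered, lowered.translate(LEET))
    for part in sorted(name_parts(username, full_name)):
        if any(part in c for c in candidates):
            problems.append(f"contains name part '{part}'")
    if (today - last_changed).days > MAX_AGE_DAYS:
        problems.append("older than 90 days")
    return problems


if __name__ == "__main__":
    # Constructed sample: the article's "Smith123" case for a user named John Smith.
    changed, now = date(2014, 1, 1), date(2014, 2, 1)
    print(check_password("Smith123", "jsmith", "John Smith", changed, now))
    print(check_password("5had0w$B4dbr3ath", "jsmith", "John Smith", changed, now))
```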
By following these tips, you will be about one step past Microsoft’s suggested best practices.
“Putting yourself ahead of Microsoft puts you in what will be the norm in two years,” said Taylor.
For those (like most of us) who have trouble remembering passwords, he recommends using a password manager like KeePass, which stores your logins and passwords for free under 256-bit data encryption.
If you have any IT-related questions or issues, feel free to contact us at R.K. Black, Inc., talk to our IT team and let us bring you a solution that works.