Today's organizations depend heavily on IT infrastructure, including many computer systems that authenticate users with passwords. Password management problems, including forgotten passwords and easy-to-guess passwords, contribute to unnecessary costs and security problems. Password management is frustrating for users, and is a top-10 problem for many help desks.
There are many security problems with password management:
Users with many passwords frequently write them down since they are too hard to remember. Written passwords may be attached to user workstations, stored in computer files, or carried around by users. None of these techniques are secure.
Users tend to pick simple, easy-to-remember passwords. Unfortunately, such passwords are also easy to guess, and password cracking software can easily find them.
Some computer systems offer password strength enforcement, but usually only a few rules are available, and the same rules are not available on different types of systems.
Over time, users may share their passwords with friends or co-workers. The best way to overcome this problem is to change passwords regularly. Unfortunately, users are reluctant to do this, and only some systems can force users to change their passwords often.
Poor password security is the main way people can gain unauthorized access to your account and the system. Once they have gained access, an unauthorized user can do one or more of the following:
- Access or destroy your data (email, web pages, homework, vital data, etc.)
- Commit illegal and/or embarrassing acts that you may be blamed for
- Use your account to breach security of your computer or other machines across the Internet
People trying to break into systems use a variety of tools to obtain your password including computer programs which try various possible guesses at your password. Some of these programs can try over 200,000 password combinations per second!
San Diego PC Help solves these problems with hand-picked password management software and password strength rules.
Tips & tricks

The object when choosing a password is to make it as difficult as possible for a cracker to make educated guesses about what you've chosen. This leaves him no alternative but a brute-force search, trying every possible combination of letters, numbers, and punctuation.

Password tips:
- Do change your password frequently, such as every month.
- Do use a different password for every account you maintain online.
- Do use a password with non-alphabetic characters, e.g., digits or punctuation.
- Do use a password that is easy to remember, so you don't have to write it down.
- Don't use any names of family, friends, pets.
- Don't use your telephone number, zip code, your initials, any part of your name, or address.
- Don't use a password shorter than six characters.
- Don't reuse any portion of your old password.
- Don't use a word contained in dictionaries, spelling lists, or other lists of words.
- Don't let anyone observe you using your password.
- Don't use your login name in any form (as-is, reversed, capitalized, doubled, etc.).
- Don't use a password of all digits, or all the same letter.
- Don't respond to any request for your password.
- Don't let anyone know your password.
- Do not check the "remember my password" feature without first considering the value of the data the password protects.
- Deactivate accounts for terminated or transferred employees in a timely manner?
- Deactivate employee accounts that have not been used in a long time?
- Not allow shared accounts?
- Require passwords for access to department workstations and servers?
- Require that passwords be periodically changed?
- Emphasize to users that their password should be kept secret?
- Require that passwords not be written down or shared?
- Log and review multiple tries to enter a password for a given account?
- Prevent users from choosing passwords that were used only a short while ago?
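
An added example (not from the original page): a Python checker for the mechanical rules in the password tips above, plus an estimate of exhaustive search time at the 200,000 guesses per second quoted earlier. The function names, the sample word list and the four-character reuse window are assumptions made for illustration.

```python
import string

GUESSES_PER_SECOND = 200_000  # cracking rate quoted on this page
MIN_LENGTH = 6                # page: no passwords shorter than six characters
# Constructed sample word list; a real deployment would load a full dictionary.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "letmein"}


def check_password(password, login, old_password="", words=SAMPLE_WORDS):
    """Return the list of page rules that `password` breaks (empty = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than six characters")
    if password.isdigit():
        problems.append("all digits")
    if password and len(set(lowered)) == 1:
        problems.append("all the same character")
    if password.isalpha():
        problems.append("no digits or punctuation")
    name = login.lower()
    # Substring match on lower-cased text covers as-is, capitalized and doubled.
    if name and (name in lowered or name[::-1] in lowered):
        problems.append("contains the login name")
    if lowered in words:
        problems.append("dictionary word")
    # Any 4-character run shared with the old password counts as reuse
    # (the window size of 4 is an assumption; the page gives no number).
    old = old_password.lower()
    if any(old[i:i + 4] in lowered for i in range(max(0, len(old) - 3))):
        problems.append("reuses part of the old password")
    return problems


def brute_force_days(password, rate=GUESSES_PER_SECOND):
    """Days to try every combination of the character classes actually used."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return alphabet ** len(password) / rate / 86_400


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("abc123", "htimsJ99", "aB3$efgh1!"):
        print(pw, check_password(pw, "jsmith"), f"{brute_force_days(pw):.3g} days")
```

At the quoted rate, a six-character password of lowercase letters and digits is exhausted in a few hours, while ten characters drawn from all four classes take billions of days.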