Good Password Practices To Follow

The best passwords are easy to remember, but hard to guess. So why do employees (including yourself) forget them at times? How do we get our employees to adhere to good password practices and not write them down? The yellow sticky note stuck to the bottom of your keyboard is not a good practice for you or anyone else to follow. If you have to write passwords down, save them in a safe place, like a locked drawer or cabinet. Or exercise those grey cells and memorize the passwords you use.

Yet no one is infallible; we all forget things. So a backup of the passwords used on a daily, weekly and monthly basis is a good thing to have, both for business and personal use.

Everyone needs to maintain a backup of their passwords in case the need to change existing ones arises, or if an application fails. That backup can be created simply on any computing platform you use. One way is to use a Word document. The process is simple. Create a file and call it something other than "Passwords.DOC". Try "1998 Reports" or "Hurricanes 1932.DOC" or something else equally obscure. Anything that won't throw up a flag or attract attention during a casual scan of your hard disk.

Store the document in a directory that is non-obvious, "Hats" or "Sports2006" or somewhere else an intruder will not see right away.

In Word, use the Protection feature to password protect the file in question. Each version of Word uses a slightly different command, so search Help to find the one for your version. You can also password protect an Excel or PowerPoint file if you want.

Keep in mind that password protecting your files protects against the casual attacker, but if a serious intruder wants to crack your Microsoft Office password, they can with commonly available password crackers. This approach is adequate but by no means failproof.

One alternative that has become increasingly popular is using a password vault. The idea is simple. A vault is a software package that stores passwords in a secure fashion. Users enter their logins and passwords and then access them as needed for use. The entire password database is protected by some form of authentication, usually a password, and encryption.

The point is that users only have to remember one password - the one for the password vault. The machine does the work of remembering the rest. Password vaults come in many flavors and run on platforms from cell phones and PDAs to all the various operating systems commonly in use today. They vary in security levels as well, from paranoid use of authentication and tough access rules to easily circumvented and only slightly better than that yellow sticky note stuck to the bottom of your keyboard.


About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.



