Good Password Practices To Follow
The best passwords are easy to remember, but hard to guess. So why are employees (including yourself) forgetting them at times? How do we get our employees to adhere to good password practices and not write them down? The yellow sticky note stuck to the bottom of your keyboard is not a good practice for you or anyone else to follow. If you have to write passwords down, save them in a safe place, like a locked drawer or cabinet. Or exercise those grey cells and memorize the passwords you use.
Yet no one is infallible; we all forget things. So having a backup of the passwords you use on a daily, weekly and monthly basis is a good thing to have, both for business and personal use.
Everyone needs to maintain a backup of their passwords in case the need to change existing ones arises, or if an application fails. That backup can be created simply on any computing platform you already use. One way is to use a Word document. The process is simple. Create a file and call it something other than "Passwords.DOC". Try "1998 Reports" or "Hurricanes 1932.DOC" or something else equally obscure. Anything that won't throw up a flag or attract attention during a casual scan of your hard disk.
Store the document in a directory that is non-obvious, "Hats" or "Sports2006" or somewhere else an intruder will not see right away.
In Word, use the Protection feature to password protect the file in question. Each version of Word uses a slightly different command, so search Help to determine the one for you. You can also password protect an Excel or PowerPoint file if you want.
Keep in mind that password protecting your files protects against the casual attacker, but if a serious intruder wants to crack your Microsoft Office password, they can with commonly available password crackers. This approach is adequate but by no means failproof.
One alternative that has become increasingly popular is using a password vault. The idea is simple. A vault is a software package that stores passwords in a secure fashion. Users enter their logins and passwords and then access them as needed for use. The entire password database is protected by some form of authentication, usually a password, and encryption.
The point is that users only have to remember one password - the one for the password vault. The machine does the work of remembering the rest. Password vaults come in many flavors and run on platforms from cell phones and PDAs to all the various operating systems commonly in use today. They vary in security levels as well, from paranoid use of authentication and tough access rules to easily circumvented and only slightly better than that yellow sticky note stuck to the bottom of your keyboard.