Open Sesame (part 1)
Access to your IT systems is protected by passwords, right?
The trouble is, many passwords are dead easy to crack by any hacker worth their salt. A couple of common practices which give them an easy ride are:
- Obvious passwords on administration login ids, such as “admin” on the admin id, “backup” on the backup id, or a password of “password”. It is estimated that 70% of administration ids have easy passwords such as these. Strangely enough, hackers know this and this is a very common way for them to gain access to systems.
- Users choosing easy to remember passwords, such as names, or everyday words. A “dictionary attack” can crack this type of password in minutes.
There are a number of very simple things that can be done to make passwords much more secure, including:
- Using numeric and other characters. Including some of the more obscure characters is particularly good.
- Substituting numbers for letters in a word, eg 0 for o, 1 for l, 2 for z, etc (be as creative as you like here).
- Using the first letter of each word of a phrase or saying, rather than using a word. This results in a password which is difficult to guess but still easy to remember.
- Using the optimum number of characters (eg 7 or 14 for NT passwords). Talk to your techies or security people for advice.
- A combination of all of the above.
Why make life easy for the hackers when it’s easy to make life more difficult? Conduct a review today and make sure the passwords in use at your organisation really are secure.
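As a starting point for such a review, the sketch below checks a chosen password against the weak practices and the tips listed above. It is an added example, not part of the original post; the function names, the small word list and the sample phrase are constructed for illustration.

```python
import string

# Constructed sample list; a real review would load a full dictionary of
# names and everyday words.
SAMPLE_WORDS = {"password", "admin", "backup", "sesame", "andrew", "summer"}

# The substitutions given in the post: 0 for o, 1 for l, 2 for z.
SUBSTITUTIONS = str.maketrans({"o": "0", "l": "1", "z": "2"})


def review_password(login_id, password, words=SAMPLE_WORDS):
    """Return the reasons a password is weak (an empty list means none found)."""
    findings = []
    lowered = password.lower()
    if lowered == login_id.lower():
        findings.append("same as login id")
    if lowered in words:
        findings.append("name or everyday word")
    if not any(c.isdigit() for c in password):
        findings.append("no numeric characters")
    if not any(c in string.punctuation for c in password):
        findings.append("no other characters")
    return findings


def phrase_to_password(phrase):
    """Take the first letter of each word of a phrase or saying."""
    return "".join(word[0] for word in phrase.split())


def substitute(password):
    """Apply the letter-to-number substitutions listed above."""
    return password.translate(SUBSTITUTIONS)


if __name__ == "__main__":
    # Constructed cases: an obvious admin password, then a phrase-based one.
    print(review_password("admin", "admin"))
    base = phrase_to_password("To be or not to be, that is the question")
    print(base, review_password("jsmith", base))
    stronger = substitute(base) + "!"
    print(stronger, review_password("jsmith", stronger))
```

Run at the point where a password is chosen, a check like this needs only the candidate password and never a stored list of existing ones.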
To be continued…