Business Continuity Tip of the Month - March 2002

Open Sesame (part 1)

Access to your IT systems is protected by passwords, right?

The trouble is, many passwords are dead easy to crack by any hacker worth their salt. A couple of common practices which give them an easy ride are:

  • Obvious passwords on administration login ids, such as “admin” on the admin id, “backup” on the backup id, or a password of “password”. It is estimated that 70% of administration ids have easy passwords such as these. Strangely enough, hackers know this and this is a very common way for them to gain access to systems.
  • Users choosing easy-to-remember passwords, such as names or everyday words. A “dictionary attack” can crack this type of password in minutes.

There are a number of very simple things that can be done to make passwords much more secure, including:

  • Using numeric and other characters. Including some of the more obscure characters is particularly good.
  • Substituting numbers for letters in a word, eg 0 for o, 1 for l, 2 for z, etc (be as creative as you like here).
  • Using the first letter of each word of a phrase or saying, rather than using a word. This results in a password which is difficult to guess but still easy to remember.
  • Using the optimum number of characters (eg 7 or 14 for NT passwords). Talk to your techies or security people for advice.
  • A combination of all of the above.

Why make life easy for the hackers when it’s easy to make life more difficult? Conduct a review today and make sure the passwords in use at your organisation really are secure.
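As a starting point for such a review, the sketch below (an added example, not part of the original tip) checks a proposed password against the weak practices listed above and builds a candidate from the first letters of a phrase with the suggested substitutions. The function names, the small word list and the sample phrase are all constructed for illustration, and the check is assumed to run at the point a password is chosen, where it is available for inspection.

```python
import string

# Constructed sample data for this example (not from the original tip).
WEAK_DEFAULTS = {"password", "admin", "backup"}   # the examples the tip names
WORDLIST = {"sesame", "andrew", "london", "summer", "dragon"}  # stand-in for a names/dictionary file


def review_password(login_id, password, wordlist=WORDLIST):
    """Return a list of findings; an empty list means none of the checks fired."""
    findings = []
    lowered = password.lower()
    if lowered == login_id.lower():
        findings.append("same as login id")
    if lowered in WEAK_DEFAULTS:
        findings.append("well-known default")
    if lowered in wordlist:
        findings.append("name or dictionary word")
    if not any(c.isdigit() for c in password):
        findings.append("no numeric characters")
    if not any(c in string.punctuation for c in password):
        findings.append("no other (non-alphanumeric) characters")
    return findings


def initials_from_phrase(phrase, substitutions=None):
    """First letter of each word, then the letter-to-number swaps from the tip."""
    subs = substitutions or {"o": "0", "l": "1", "z": "2"}
    initials = "".join(word[0] for word in phrase.split())
    return "".join(subs.get(c, c) for c in initials)


if __name__ == "__main__":
    # Constructed (login id, proposed password) pairs.
    candidate = initials_from_phrase("Look on the bright side of life") + "!"
    for login_id, password in [("admin", "admin"), ("jsmith", "Sesame"), ("jsmith", candidate)]:
        print(login_id, repr(password), review_password(login_id, password) or "no findings")
```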

To be continued…

 


Did you know that Acumen’s Consultancy Director, Andy Osborne, publishes an expert tip each month for people with an interest in developing a business continuity capability?
