Business Continuity Tip of the Month

Open Sesame (part 1)

Access to your IT systems is protected by passwords, right?

The trouble is, many passwords are dead easy to crack by any hacker worth their salt. A couple of common practices which give them an easy ride are:

  • Obvious passwords on administration login ids, such as “admin” on the admin id, “backup” on the backup id, or a password of “password”. It is estimated that 70% of administration ids have easy passwords such as these. Strangely enough, hackers know this and this is a very common way for them to gain access to systems.
  • Users choosing easy-to-remember passwords, such as names or everyday words. A “dictionary attack” can crack this type of password in minutes.

There are a number of very simple things that can be done to make passwords much more secure, including:

  • Using numeric and other characters. Including some of the more obscure characters is particularly good.
  • Substituting numbers for letters in a word, e.g. 0 for o, 1 for l, 2 for z, etc. (be as creative as you like here).
  • Using the first letter of each word of a phrase or saying, rather than using a word. This results in a password which is difficult to guess but still easy to remember.
  • Using the optimum number of characters (e.g. 7 or 14 for NT passwords). Talk to your techies or security people for advice.
  • A combination of all of the above.

Why make life easy for the hackers when it’s easy to make life more difficult? Conduct a review today and make sure the passwords in use at your organisation really are secure.
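One way to run such a review, as an added example that is not part of the original tip: a Python check that reports the weaknesses listed above (password same as the login id, a dictionary word or name, no numeric or other characters). The word list, the sample accounts and the function names are constructed for illustration, and undoing the 0/1/2 substitutions before the dictionary lookup is an assumption of this example; it is meant to run at the point where a password is chosen.

```python
import string

# Constructed sample word list; a real review would load a full dictionary and name list.
WORDLIST = {"password", "admin", "backup", "sesame", "letmein", "michael"}
# The substitutions named in the tip (0 for o, 1 for l, 2 for z), reversed.
UNSUBSTITUTE = str.maketrans({"0": "o", "1": "l", "2": "z"})


def review_password(login_id, password):
    """Return a list of findings; an empty list means no listed weakness was found."""
    findings = []
    lowered = password.lower()
    plain = lowered.translate(UNSUBSTITUTE)  # password with substitutions undone
    if lowered == login_id.lower():
        findings.append("same as login id")
    elif plain == login_id.lower():
        findings.append("login id with substituted characters")
    if lowered in WORDLIST:
        findings.append("dictionary word or name")
    elif plain in WORDLIST:
        findings.append("dictionary word with substituted characters")
    if not any(c.isdigit() for c in password):
        findings.append("no numeric characters")
    if not any(c in string.punctuation for c in password):
        findings.append("no other (punctuation) characters")
    return findings


def review_accounts(accounts):
    """Map each login id to its findings, keeping only accounts with findings."""
    report = {}
    for login_id, password in accounts.items():
        findings = review_password(login_id, password)
        if findings:
            report[login_id] = findings
    return report


# Constructed sample accounts (not real credentials).
SAMPLE_ACCOUNTS = {
    "admin": "admin",
    "backup": "backup",
    "jsmith": "passw0rd",
    "akhan": "Tq!Bf7jotLd",  # first letters of a phrase plus a digit and punctuation
}

if __name__ == "__main__":
    for login_id, findings in review_accounts(SAMPLE_ACCOUNTS).items():
        print(f"{login_id}: {', '.join(findings)}")
```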

To be continued…