About Me

JHC Technology is a Service Disabled, Veteran-Owned, Small Business based in the Washington, DC Metro area. Our primary focus is to offer customized solutions and IT consulting to our Commercial and Government clients. Our experts have a broad experience delivering and managing Microsoft Enterprise applications and Cloud and Virtualization Solutions, as well as mobilizing Enterprise data.

Friday, November 1, 2013

Password Health: Are Your Passwords Secure Enough?

How healthy is your password?  Do you know what to look for to determine the health of a password? Depending on whom you ask, the answer may differ. In this blog post, I will give you my 2 cents, which could be worth more.

First, how old is your password? 
There is a reason why work requires you to change your password every so often. Standard practice is to change it every 90 days.

Second, how complicated is your password?  
In order to increase the security of your password and decrease the likelihood that someone can easily guess what it is, most employers require that you set a password using upper and lower case letters with a variation of numbers and special characters. The length of a password is also key in maintaining good security practices.

Nowadays there are so many passwords one would need to memorize, and keeping track of every single one could get challenging. So let's start by breaking down your most common password categories.
  • Banks
  • E-mails
  • Home
  • Social Sites
  • Phone
  • Computer / Mobile Devices
  • Home WiFi network 
Some categories are more important than others, so one would think that their passwords are more complicated and therefore harder to break…or are they?

You have to consider that the bad guys are always trying to get into your accounts. However, they usually get into accounts that are weaker than others. The more difficult the account is to break into, the longer it will take the bad guys to get into it.

The bigger corporations have additional security requirements to allow you to get in, which is great, but not fool-proof. If you are asked for a password and PIN to get into your accounts and you have a habit of picking a PIN that is your birthday, then all the bad guy has to do is know a little bit of info about you and he is in.

For example, do you use your kids, pets or any other identifiable item that is unique to you in your password? Good security practice suggests you use other criteria that are a little more difficult for bad guys to guess.

Here's What I Recommend
I remember I was once advised to use a line in a song, then start replacing certain letters with numbers and special characters. Obviously it has to be something that is easy to remember, but you have to stick with a routine that is easy enough for you to manage. It doesn’t have to be songs, but maybe a quote from a movie, a poem, a line from a book or even a phrase. All in all, the password complexity would exist and you can still remember it. I know it takes time, but it can be done.

Just remember, the longer the password, the more difficult you make it for the bad guys to guess it. So ask yourself these key questions:

  • When was the last time you changed your passwords? 
  • Are you using common words or names of people and birthdays?
  • Are you making your passwords more challenging for hackers to break?
You may even want to consider using password-management software if you find it too difficult to remember all of your passwords. 
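
The questions above (age, personal details, complexity and length) can be checked mechanically. The following Python is an added example, not part of the original post; the 12-character minimum, the substitution map, and the sample names, dates and passwords are assumptions constructed for illustration. It also shows that a pet name or birth year stays recognizable after letter-for-number swaps.

```python
import re
from datetime import date

MAX_AGE_DAYS = 90  # rotation interval quoted in the post
MIN_LENGTH = 12    # assumption: the post names no minimum length
# Assumption: undo common letter-for-symbol swaps before matching names
UNLEET = str.maketrans("013457@$!", "oieastasi")
CLASSES = {"upper": r"[A-Z]", "lower": r"[a-z]",
           "digit": r"[0-9]", "special": r"[^A-Za-z0-9]"}

def birthday_forms(born):
    """Digit strings a birthday commonly takes inside a password or PIN."""
    formats = ("%m%d", "%d%m", "%m%d%y", "%d%m%y", "%m%d%Y", "%d%m%Y", "%Y")
    return {born.strftime(f) for f in formats}

def password_health(password, last_changed, personal_terms, born, today):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    age = (today - last_changed).days
    if age > MAX_AGE_DAYS:
        findings.append(f"age: {age} days old (limit {MAX_AGE_DAYS})")
    missing = [n for n, pat in CLASSES.items() if not re.search(pat, password)]
    if missing:
        findings.append("complexity: missing " + ", ".join(missing))
    if len(password) < MIN_LENGTH:
        findings.append(f"length: {len(password)} characters (minimum {MIN_LENGTH})")
    # Match names case-insensitively, as typed and with substitutions undone
    lowered = password.lower()
    variants = (lowered, lowered.translate(UNLEET))
    for term in personal_terms:
        if any(term.lower() in v for v in variants):
            findings.append(f"personal: contains '{term}'")
    # Only contiguous digit runs count, so scattered digits do not match
    runs = re.findall(r"\d+", password)
    if any(form in run for form in birthday_forms(born) for run in runs):
        findings.append("personal: contains birthday digits")
    return findings

# Constructed sample data (not from the post)
TODAY = date(2013, 11, 1)
BORN = date(1984, 3, 12)
WEAK = password_health("R3x1984!", date(2013, 6, 1), ["Rex"], BORN, TODAY)
STRONG = password_health("Tw1nkle,tw1nkle L1ttle$tar", date(2013, 10, 1),
                         ["Rex"], BORN, TODAY)

if __name__ == "__main__":
    for label, result in (("weak", WEAK), ("strong", STRONG)):
        print(label, result or "no findings")
```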

Quick Tip: If you are a Google user (Gmail, Google Drive, Google+, YouTube), consider using Google Authenticator. It is a token-based code-generating app that gives users an extra layer of security.
You just need a smartphone to install the app, but after you install and configure it, all your Google services will require the use of this tool. It basically generates a code, so when you go to check your e-mail, for example, and you type in your password, it will also prompt you for this code (similar to multi-factor authentication, MFA). You can read up more on this here: http://www.google.com/landing/2step/?utm_campaign=en&utm_source=en-ha-na-us-sk&utm_medium=ha

Ernesto Fuller is the Senior Security Administrator for JHC Technology.  He can be reached at efuller (at) jhctechnology.com or connect with him on LinkedIn.




2 comments:

  1. It is very important to save our passwords. This content creates a new hope and inspiration with write me an essay online. The way you have stated everything above is quite awesome.

  2. This is an awesome post. Really very informative and creative contents. This concept is a good way to enhance the knowledge. I like it and help me to development very well. Thank you for this brief explanation and very nice information. Well, got a good knowledge.
    AWS Training in Chennai
