Creating A Security Awareness Plan - Creating Secure Passwords
Intrinsec End-User Tutorial Series: Creating a Secure Password
Note: This series of papers discusses topics relevant to end-users and to those who implement Security Awareness Training programs. In this paper, we discuss a method for creating very strong, site-specific passwords for users.
The Problem
Passwords remain the weak link in security. Basically, a password acts as a temporary barrier against someone else claiming to be you. There are two major issues with passwords, both on the Internet and at your workplace.
Issue 1: Passwords can be cracked. If an attacker can download the password database of a web server you have registered with, it is highly likely that your password will be recovered and published online.
Issue 2: Quite often, people use the same password for many, if not all, of the web sites they visit.
End result? The hacking of a website used by your employees can wind up weakening the security program within your enterprise.
The Solution
The solution to password security is that you and your employees MUST use a different password on every site you use. This creates a problem of its own: people often forget even frequently used passwords, let alone many rarely used ones.
To this end, a user can apply a "salting" principle when creating passwords. How is this done? You use one standard password across the board and alter it slightly based on the website you are visiting. Take the following example:
Site to visit: www.intrinsec.ca
Standard Password: L3tM3In?!? (LetMeIn with the "e" replaced with a "3", and then special characters)
Number of characters in domain name (without the www. or .ca) = 9. Take away 1 to come up with 8.
First vowel in domain name: i
Unique Password for Intrinsec.ca: L3t8M3iIn?!?
See what happened there? I took my "standard" password and "salted" (or injected) unique characters derived from the name of the site, to come up with a non-reusable password that is very strong. This password is basically impossible to guess without having multiple samples from which to work out the "salting" process, and it would take a password cracking program quite a while to break, as it uses upper and lower case letters, numbers and special characters.
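As an added worked example (not from the original tutorial), the following Python code applies the salting rule above to any site name. The insertion points (the count after the third character of the standard password, the vowel after the fifth) are assumptions inferred from the single example, and treating only the last label (such as ".ca") as the TLD is also an assumption.

```python
# Added worked example of the "salting" rule described in this tutorial.
# Assumptions (not stated on the page): the site-length count is inserted
# after the first 3 characters of the standard password and the first vowel
# after the first 5, which reproduces the page's example
# L3tM3In?!? -> L3t8M3iIn?!? for www.intrinsec.ca.

VOWELS = "aeiou"


def site_label(hostname: str) -> str:
    """Return the domain name without a leading 'www.' and without the TLD.

    Assumption: only the last label (e.g. '.ca') is treated as the TLD.
    """
    host = hostname.strip().lower()
    if host.startswith("www."):
        host = host[len("www."):]
    labels = host.split(".")
    if len(labels) > 1:
        labels = labels[:-1]
    return ".".join(labels)


def salt_password(standard: str, hostname: str,
                  count_pos: int = 3, vowel_pos: int = 5) -> str:
    """Derive a site-specific password from the standard one.

    count_pos and vowel_pos are the insertion points (counted in the
    standard password) inferred from the page's example; they are
    parameters so a program can choose its own positions.
    """
    label = site_label(hostname)
    count = len(label) - 1            # "take away 1", per the tutorial
    vowel = next((c for c in label if c in VOWELS), None)
    if vowel is None:
        # The page gives no rule for names without a vowel; refuse rather
        # than invent one.
        raise ValueError(f"no vowel in site label {label!r}")
    # Insert the count first; that shifts the vowel insertion point by one.
    salted = standard[:count_pos] + str(count) + standard[count_pos:]
    v = vowel_pos + 1
    return salted[:v] + vowel + salted[v:]


if __name__ == "__main__":
    # Constructed sample: the page's own example plus a second site.
    for site in ("www.intrinsec.ca", "example.com"):
        print(site, "->", salt_password("L3tM3In?!?", site))
```

Running the block prints one derived password per site, showing that the same standard password yields a different result for each domain.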
By teaching your end-users this technique, you should have a much more secure workforce, using random, secure passwords both in your environment and on the Internet as a whole.
Thanks for reading!
Graham Thompson, CISA CISSP