What are Passwords
Passwords
are unique strings of characters that users provide in conjunction with a User
ID, to gain access to an information resource. Passwords are critical in
ensuring privacy and security on the computers you use every day, whether at
home or at work.
People use passwords to access various resources. These resources include but not limited to: access to personal computers, applications, networks, internet services: Hotmail, Gmail, Facebook, etc... User IDs and passwords are used to authenticate users to a particular resource and sometimes are used to track user activity while using that resource.
Your passwords should be treated as "high sensitive information", and you are responsible for taking the appropriate steps to select and secure this information.
People use passwords to access various resources. These resources include but not limited to: access to personal computers, applications, networks, internet services: Hotmail, Gmail, Facebook, etc... User IDs and passwords are used to authenticate users to a particular resource and sometimes are used to track user activity while using that resource.
Your passwords should be treated as "high sensitive information", and you are responsible for taking the appropriate steps to select and secure this information.
General Password Guidelines
Information
system users should be aware of the characteristics of weak and strong
passwords in order to ensure adequate protection of their information. If
someone obtains your User ID and password, that individual can imitate or
impersonate you, and the system will not detect any anomaly. Identity theft,
credit card compromise, loss or inappropriate use of your webmail or your
social networking account could happen as a result of poor password management.
Poor passwords have any of the following characteristics:
Poor passwords have any of the following characteristics:
· Less than eight characters.
· A word found in a dictionary.
· Match or includes your username
· A common usage word such as:
o Names of family members, friends, co-workers, sports teams, movies.
o Computer terms and names, sites, companies, hardware, software.
o Word, number or keyboard patterns like "aaabbb,"
"qwerty," "123321"
· Consist of repetitive patterns such as " ahmahm",
"passpass"
· Any of the above cases preceded or followed by a digits (i.e.
"qwerty123", "111aaabbb")
· Consist of all same characters or digits, or other commonly used or
easily guessed formats.
Strong passwords
have at least three of the following characteristics:
· 8 or more characters long; (I personally recommend 10 characters)
· Contain both upper and lower case letters.
· Include digits and special characters as well as letters. (special
characters: ()*&$#@ )
· Should not be word in any language.
· Should not be based on personal information, names of family,
hobbies…etc.
One of the best
practices in creating a password is to utilize the first letters found in each
word of a well remembered sentence. For example "I spend more than
seven hours online per day" the password would be: i5Mt7H0pD (notice
the 5 instead of the s and the 0 instead of the o).
Security Tip: refrain from writing down the password. Instead, you should create
passwords that you do remember. A good password is
easy to be remembered yet hard to be guessed.
Password Protection
Handle your username and password with as
much care as your credit card. Do not use the same password for all your online services and
activities: i.e. Facebook password ≠ twitter Password ≠ hotmail password ≠
Gmail Password ≠ Online Banking password, especially if these services depend
on each other to perform password recovery (forgotten or stolen passwords).
The following is a list of things that you should
abide by to protect your password:
1.
Don't reveal your
password to anyone.(Not even individuals who claim to be from support)
2.
Don't reveal your
password in an email message.
3.
Don't talk about your
password in front of others.
4.
Don't hint at the format
of a password (i.e. "my family name").
5.
Don't reveal your
password on questionnaires or security forms.
6.
Don't share your
password with family members.
7.
Don't reveal your
password to your friends.
8.
Don't leave your
written password anywhere accessible by other people.
9.
Use a well known
updated antivirus to insure that your system is not infected by any
"password capturing malicious application". (Virus, worm, Keylogger
etc...)
10. Although systems and application hide the password characters you type
from your screen display, you are responsible to insure that no one is watching
while you type that password on your keyboard.
Changing Passwords
Passwords should be changed on regular
basis, some systems remind users that they should change their password; other
systems expire your password validity and force you to change it.
But you should keep in mind, when changing
your current password; you should not use a previously utilized password even
if it has the characteristics of a strong password.
If a
password has been compromised or forgotten, the user may obtain a new password
or have their password reset by utilizing the "forgot password"
option. This option is usually found within the login area on WebPages. This
process saves the day by sending reset instructions to:
·
Recovery email (Much
like what Hotmail, Facebook and Gmail do).
·
Mobile phone via SMS.
(Gmail)
Finally: If at any
time, you suspect that your password has been compromised, change it
immediately. Better safe than sorry!!
