Friday, April 8, 2011


Password Management Best Practices

A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource (example: an access code is a type of password). The password should be kept secret from those not allowed access.

    1. The importance of passwords: You cannot be assured that the password you choose is a secure one.
    2. The Importance of Strong Passwords: Keep your computer, data and accounts safe with strong passwords.
    3. The importance of an effective password policy: The need for an effective password policy is so obvious.

Password Management Best Practices: Password Creation and Maintenance

  • Sharing passwords is a security risk.
  • Do not divulge your password to anyone.
  • Enter your user-id and password only in the login form that you normally use.
  • If anything looks different from normal, make sure it is not an attempt to steal your personal information before you provide it.
  • Do not provide your user-id and password on any page that appears as a popup when you click on a hyperlink received through email. A better practice is to log on to the service by typing its URL in the address bar, after making sure the page that opens is from the genuine service provider.
  • Do not store passwords in a file on ANY computer system (including Palm Pilots or similar devices) without encryption.
  • Change passwords at least once every 90 (ninety) days.
  • Unique Characters: An effective password must have at least five (5) different characters. Repeated characters can make for palindromes and make the password easier to crack.
  • Character Types: An effective password must have characters from at least three (3) different character types -- upper case, lower case, digits, punctuation, etc. A password that includes a sample from a rich character set is difficult to crack.
  • Long Alpha Sequences: An acceptable password must not have an alphabetic sequence any longer than three (3) characters.
  • Long Digit Sequences: An acceptable password must not have a digit sequence any longer than two (2) characters.
  • Forbidden Characters: There are a few characters that will cause problems if used in a password - the "delete" character is one of the obvious ones.
  • Writing down your password: One should never write down a password. Someone may discover the password. Make the password difficult for others to guess or crack but easy for you to memorize and remember.
  • Examples of bad passwords. In other words, passwords should not be any of the following:
    1. Dictionary words (including foreign and technical dictionaries)
    2. Name of a person or a thing, a place, a proper noun, a phone number or a vehicle number
    3. Simple pattern of letters on keyboards
    4. Any of the above reversed or concatenated

  • One possible method for picking a good password is to make up your own acronym.
  • Do not let your computer remember your password. Do not accept the auto-complete option offered by your computer or browser. Please remember, if you do, make sure you have a strong password to log on to your computer.

  • As far as possible, do not use an untrusted system to access a sensitive service. If you must, change the password from a trusted system at the first opportunity afterwards.
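
The character rules listed above (different characters, character types, alphabetic and digit sequences, forbidden characters, dictionary words and their reverses) written as a checker. This is an added example, not part of the original post. It assumes "sequence" means a contiguous run of letters or digits; `check_password`, `SAMPLE_WORDS` and the wordlist contents are constructed for illustration.

```python
import re
import string

# Constructed sample wordlist (assumption); a real deployment loads a dictionary file.
SAMPLE_WORDS = {"password", "dragon", "qwerty", "asdfgh"}
# The "delete" character is the only forbidden character the post names.
FORBIDDEN = {"\x7f"}


def char_types(pw):
    """Count how many of the four character classes appear in pw."""
    classes = (string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation)
    return sum(any(c in cls for c in pw) for cls in classes)


def longest_run(pw, pattern):
    """Length of the longest contiguous run matching pattern (0 if none)."""
    return max((len(m) for m in re.findall(pattern, pw)), default=0)


def check_password(pw, words=SAMPLE_WORDS):
    """Return the list of rule violations; an empty list means pw passes."""
    problems = []
    if len(set(pw)) < 5:
        problems.append("fewer than 5 different characters")
    if char_types(pw) < 3:
        problems.append("fewer than 3 character types")
    # Assumption: "sequence" is read as a run of adjacent letters or digits.
    if longest_run(pw, r"[A-Za-z]+") > 3:
        problems.append("alphabetic sequence longer than 3")
    if longest_run(pw, r"[0-9]+") > 2:
        problems.append("digit sequence longer than 2")
    if any(c in FORBIDDEN for c in pw):
        problems.append("forbidden character")
    lowered = pw.lower()
    if lowered in words or lowered[::-1] in words:
        problems.append("dictionary word or its reverse")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "drowssap", "aA1!aA1!", "Ib2c@7pm!Fr"):
        print(repr(candidate), check_password(candidate))
```

An acronym-style password such as the last sample passes every rule, while the reversed dictionary word is caught by the same lookup as the word itself.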


About bench3 -

Haja Peer Mohamed H, Software Engineer by profession, Author, Founder and CEO of "bench3". You can connect with me on Twitter, Facebook and also on Google+.

May 20, 2011 at 10:58 AM

If you forgot your password, you can delete it easily by using a tool in Hiren's boot CD.