Your password is the key to your computer -- a key much sought-after by hackers as a means of getting a foothold into your system. A weak password may give a hacker access not only to your computer, but to the entire network to which your computer is connected. Treat your password like the key to your home. Would you leave your home or office unlocked in a high crime area?
Too many passwords are easily guessed, especially if the intruder knows something about their targetís background. It's not unusual, for example, for office workers to use the word "password" to enter their office networks. Other commonly used passwords are the computer user's first, last or child's name, Secret, names of sports teams or sports terms, and repeated characters such as AAAAAA or bbbbbb.
With some combination of both upper and lower case letters, a six letter password has 19 billion possible combinations. If you increase the password to eight letters and use both upper and lower case letters, there are 53 trillion possible combinations. Substitute a number for one of the letters, and there are 218 trillion possible combinations.
With eight characters, including at least one upper case letter, lower case letter, number, and special character or punctuation, there are 6,095 trillion possible combinations. This is still crackable, but requires a more sophisticated program, a far more powerful computer, and far more time.1 Adding more characters makes it even more difficult to crack.
Here are some simple guidelines for selecting a strong computer password.
There are several tricks to developing a password that meets these requirements but is still easy to remember.
The password used for logging on to your office computer should be different from the password you use to log in to a web site on the Internet. The password used to log in to a web site is far more exposed to potential compromise. Any time you log in over an external network, your password is vulnerable to being stolen unless it is encrypted. Using a separate and unique password for your office computer helps protect the security of the office network.
Once you have selected an effective password, protect it. Resist the temptation to write your password down. If you do, keep it with you until you remember it, then shred it! NEVER leave a password taped onto a terminal or written on a whiteboard. You wouldn't write your PIN code on your automated teller machine (ATM) card, would you? You should have different passwords for different accounts, but not so many passwords that you can't remember them. Do not allow anyone to observe your password as you enter it during the logon process.
Do not disclose your password to anyone, not even to your systems administrator or maintenance technician. They have no need to know it. They have their own password with system privileges that will allow them to work on your account without the need for you to reveal your password. If a system administrator or maintenance technician asks you for your password, be suspicious (for reasons discussed under "Social Engineering" and in Case 2).
Use a password-locked screensaver to make certain no one can perform any activity under your User ID while you are away from your desk. These can be set up so that they activate after the computer has been idle for a while. Strange as it may seem, someone coming around to erase or sabotage your work is not uncommon. Or imagine the trouble you could have if nasty e-mail messages were sent to your boss or anyone else from your computer, or your account were used to transfer illegal pornography.
Owing to the important of user identification and the many problems with passwords, considerable research is now focused on the development of biometric identification systems. In the future, password access to networks containing sensitive information will probably be replaced by some form of biometric identification such as a fingerprint scanner.2