Passwords: Tech Can Help, but It All Starts with Users

Passwords remain one of the main devices that businesses of all sizes use to safeguard their user accounts, networks and valuable data.


They also remain one of the most fragile, despite constant warnings that users are simply awful at managing passwords and that even the best passwords cannot replace other measures, such as encryption, to protect your most valuable assets.


Fortunately, the IT Downloads library has several sample policies and tools to help you manage passwords within your organization. All of these tools are available for free download to IT Business Edge subscribers.


Enterprise Password Management Guide: The National Institute of Standards and Technology devoted 38 pages to password management in this special report, so obviously there are a lot of hardwired issues relating to what might appear to be something as simple as passwords. Among the more helpful pointers:


  • Be sure to encrypt files on hosts that contain passwords, to make life harder on hackers, or, even better, store one-way cryptographic hashes instead of the passwords themselves.
  • Use network segregation and fully switched networks to reduce the possibility of sniffing.
  • Lock out users who make excessive, repeated failed attempts to log on. They are most likely just hackers or a bot guessing at ways to get inside your network.
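Two of these pointers, storing one-way hashes and locking out repeated failures, fit in a short sketch. This is an added example, not code from the NIST report or the IT Downloads library; the `CredentialStore` class, the scrypt parameters, the five-attempt threshold and the 15-minute lockout are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5        # assumed threshold; the page gives no number
LOCKOUT_SECONDS = 900   # assumed lockout window


def hash_password(password, salt=None):
    """Return (salt, digest): a salted, one-way scrypt hash of the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=2**14, r=8, p=1, dklen=32)
    return salt, digest


class CredentialStore:
    """Hypothetical in-memory store: keeps hashes only, never the password."""

    def __init__(self, clock=time.monotonic):
        self.records = {}    # user -> (salt, digest)
        self.failures = {}   # user -> (failed_count, locked_until)
        self.clock = clock

    def enroll(self, user, password):
        self.records[user] = hash_password(password)

    def verify(self, user, password):
        """Return 'ok', 'denied' or 'locked'."""
        now = self.clock()
        count, locked_until = self.failures.get(user, (0, 0.0))
        if now < locked_until:
            return "locked"          # refuse before doing any hash work
        # Unknown users get a dummy record so the same work is done either way.
        salt, expected = self.records.get(user, (b"\0" * 16, b"\0" * 32))
        _, candidate = hash_password(password, salt)
        if user in self.records and hmac.compare_digest(candidate, expected):
            self.failures.pop(user, None)   # success resets the counter
            return "ok"
        count += 1
        locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self.failures[user] = (count, locked_until)
        return "denied"
```

Because a locked account rejects even the correct password until the window expires, a production system would pair this with alerting so that lockouts triggered against real users get noticed.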


If you want to get really gearheaded about password strength, the report also includes tables like the one below:



Protecting Your Passwords: This PowerPoint presentation from The Computer Guy is designed to help IT communicate the need for strong passwords and careful password management to your users - who always represent the greatest threat to password security.


Some tips:


  • Never even SAY your password aloud.
  • Your password should be at least six characters long.
  • Don't use personal info, like telephone or Social Security numbers, in your password.


A really strong password looks something like this: L*6v11E5Lgr. Not the easiest to remember, but not likely to be quickly guessed, either.


Password Policy Template: This sample policy from our partners at Info-Tech Research Group suggests that you require users to change their passwords at least every 90 days, at a bare minimum, or every 30 days if you are really serious about password security. The policy also spells out penalties for employees who fail to comply, up to termination for repeat offenders. So, yeah, it's pretty serious business.
