Six Important Rules for Password Security

On June 6, 2012, LinkedIn, the premier career networking website, announced the theft of approximately 6.5 million passwords. It is likely that more than one of you reading this blog were victims. Such incidents should be alarming, but because there are so many of them, we are becoming somewhat inured to these massive security breaches.

The LinkedIn event prompted millions of users to change their passwords, but did they choose stronger ones? Having a strong, hard-to-decode password has become more important than ever before – it’s critical to safe Web browsing and to your email security. The risk from someone getting one of your passwords increases if you are using the same password on a number of sites. It would be as if someone got the key to your house and soon discovered it also opens your car, your office and your safety deposit box!

That’s why we would like to share some tips from an article posted on thegeekstuff.com. It provides some excellent guidelines you might want to consider when assessing the passwords you are using now. First, a major reason so many passwords are weak is understandable – the simpler the password, the easier it is to remember. But simplicity and brevity do not make for an effective password:

Rule 1:  Length and Complexity
Passwords should be at least 8 characters long – the longer the better – and should contain at least 4 characters – preferably 5 – from the following: lower case letters, upper case letters, numbers and special characters such as #%_. This is particularly important for passwords used for your banking or other financial activities.

Rule 2:  Use Tools for Retention
There are free password management tools available that will store your passwords in an encrypted state so you don’t have to depend entirely on memory. Here is one I found on the CNET site: http://download.cnet.com/Free-Password-Manager/3000-18501_4-75144546.html
You can also use a naming convention that only you will know – take a phrase you like and use the first letters of each word or take a familiar name and replace some of the letters with special characters.

Rule 3: Use unique passwords – Change them often
Don’t use the same password on more than one account, and change passwords at least every six months. Currently, some websites force you to change your password at prescribed intervals, but even when that doesn’t happen, schedule changes of all your passwords to keep them secure.
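
As an added example (not from the original post or from thegeekstuff.com), the checks in Rule 1 and Rule 3 can be run over a list of your own accounts. The site names, passwords and dates below are constructed, and the script assumes Rule 1 means at least one character from each of the four character classes:

```python
import string
from collections import defaultdict
from datetime import date, timedelta

MIN_LENGTH = 8                      # Rule 1: at least 8 characters
MAX_AGE = timedelta(days=183)       # Rule 3: change at least every six months
# Assumption: Rule 1 is read as "at least one character from each class".
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,  # includes # % _
}

def audit(accounts, today):
    """accounts: iterable of (site, password, last_changed).
    Returns {site: [findings]}; passwords never appear in the output."""
    findings = defaultdict(list)
    sites_by_password = defaultdict(list)
    for site, password, changed in accounts:
        if len(password) < MIN_LENGTH:
            findings[site].append("shorter than 8 characters")
        missing = sorted(n for n, chars in CLASSES.items()
                         if not any(c in chars for c in password))
        if missing:
            findings[site].append("missing: " + ", ".join(missing))
        if today - changed > MAX_AGE:
            findings[site].append("not changed in over six months")
        sites_by_password[password].append(site)
    # Rule 3: the same password on more than one account
    for sites in sites_by_password.values():
        if len(sites) > 1:
            for site in sites:
                others = [s for s in sites if s != site]
                findings[site].append("reused on: " + ", ".join(others))
    return dict(findings)

# Constructed sample data (hypothetical sites and passwords).
ACCOUNTS = [
    ("mail.example", "Tr0ub4dor&3xyz", date(2012, 5, 1)),
    ("bank.example", "Summer2011", date(2011, 9, 1)),
    ("forum.example", "Summer2011", date(2012, 4, 15)),
    ("shop.example", "abc123", date(2012, 6, 1)),
]

if __name__ == "__main__":
    for site, issues in audit(ACCOUNTS, date(2012, 6, 10)).items():
        print(site, "->", "; ".join(issues))
```

The report names only the sites and the problems found, so it can be kept or shared without exposing any password.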

Rule 4: Don’t write them down or share them with anyone
This should go without saying, but don’t keep your passwords on your computer in a text file, or write them down and leave them easily accessible. Don’t share your passwords with anyone unless you trust them implicitly. You never know when your confidential information might be inadvertently exposed.

Rule 5: Don’t send your password via email
This can make you vulnerable to the hacker exploit of mimicking a trusted site and sending you an email asking for your login information. Legitimate entities never ask you to send confidential information such as passwords via email.

Rule 6: Don’t enter your password on a computer you don’t own
This is important if you are using a computer of someone you don’t know well and is especially critical for sensitive websites having to do with your banking or other finances. Hackers can use a variety of means including key logging to obtain passwords illegally – don’t give them the opportunity by entering passwords on an unknown or unsecured computer.

EdgeWave Security Products
Count on EdgeWave Security Solutions to provide Secure Content Management for your organization. iPrism Web Security with cloud-based Remote Filtering and iPrism Social Media Security and the ePrism Email Security Suite, including Continuity, Data Protection Services with Encryption and DLP and secure Archive, offer multi-layered protection, ease-of-use and low TCO. They are the affordable and hassle-free solutions that are ideal for small and mid-sized organizations in any industry or sector.

This entry was posted in Just plain interesting, Spam Filters, Uncategorized by Steve Brunetto.

About Steve Brunetto

As Director of Product Management, Steve serves in a pivotal role for EdgeWave in defining the company’s next generation web security offerings and driving continued growth. Steve is a web security veteran of more than 10 years, having worked as a Product Manager for Websense’s Web Security products where he was instrumental in launching the company’s Web Security Gateway and growing cloud-based and hybrid Web Security Services. Steve has also worked at eBay, Adobe, and Apple in QA and engineering roles and earned an MBA from Santa Clara University and a Bachelor of Arts & Sciences in Physics and History from Stanford University.