There is an article on Silicon.com about how companies can manage their passwords. The author offers the following tips for fostering a culture of secure and more effective password management:
- Passwords must not be written down.
- Passwords must be set. When the password is “ChangeMe”, then change it.
- Require as few passwords as possible. Balance how much password protection you need with how many passwords can reasonably be managed.
- Staff must change their passwords regularly. This limits the likelihood of old passwords, shared between colleagues in less-secure times, coming back to haunt you.
- Make new passwords new. Old password = “Rowanda1”. New password = “Rowanda2”. Not good.
- Avoid obvious words. Passwords must be more complex than a single word, which can be cracked with a dictionary attack.
- Think long – but not too long. A password which consists of at least eight characters with a mix of upper case, lower case and numbers is a good start.
- Automate password changes. The process of making staff reset and choose secure passwords must also be automated.
- Educate staff. Ensure password policy is written into employment contracts and that all staff understand why it exists and what it entails.
- Look at long-term solutions which will eventually replace passwords – such as biometrics.
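Several of these tips (minimum length with mixed character classes, no single dictionary word, no "Rowanda1" to "Rowanda2" rotation, regular changes) can be enforced mechanically at the point where a user picks a new password. The following is an added example written for this page, not code from the article or from Silicon.com; the word list, the 90-day rotation interval and the function names are assumptions, since the article gives no such values.

```python
import re
from datetime import date
from typing import List, Optional

# Constructed stand-in for a real dictionary or common-password list (assumption).
COMMON_WORDS = {"password", "changeme", "welcome", "letmein", "summer", "qwerty"}

MIN_LENGTH = 8        # "at least eight characters", from the tips above
MAX_AGE_DAYS = 90     # assumed rotation interval; the article gives no number


def _core(pw: str) -> str:
    """Lower-case the password and drop trailing digits, so "Summer99" -> "summer"."""
    return re.sub(r"\d+$", "", pw).lower()


def has_mixed_classes(pw: str) -> bool:
    """Upper case, lower case and at least one digit, as the tips suggest."""
    return (any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw))


def is_dictionary_word(pw: str, words=COMMON_WORDS) -> bool:
    """A single word, with or without digits appended, falls to a dictionary attack."""
    return _core(pw) in words


def is_trivial_rotation(old: str, new: str) -> bool:
    """True when the new password is the old one with only the trailing number changed."""
    return _core(old) == _core(new)


def is_expired(last_changed: str, today: str, max_age_days: int = MAX_AGE_DAYS) -> bool:
    """Regular changes: flag a password older than the rotation interval (ISO dates)."""
    age = date.fromisoformat(today) - date.fromisoformat(last_changed)
    return age.days > max_age_days


def check_password(new: str, old: Optional[str] = None) -> List[str]:
    """Return the policy violations for a proposed password; an empty list means accepted."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not has_mixed_classes(new):
        problems.append("needs upper case, lower case and a digit")
    if is_dictionary_word(new):
        problems.append("is a dictionary word (with or without trailing digits)")
    if old is not None and is_trivial_rotation(old, new):
        problems.append("only differs from the old password by a trailing number")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, including the article's own "ChangeMe" and "Rowanda" cases.
    for old, new in [(None, "ChangeMe"), ("Rowanda1", "Rowanda2"), ("Rowanda1", "Tr4il-Mix.98")]:
        verdict = check_password(new, old)
        print(f"{new!r}: {'accepted' if not verdict else '; '.join(verdict)}")
    print("older than 90 days:", is_expired("2006-01-01", "2006-05-16"))
```

The rotation check compares the two passwords after stripping trailing digits, which is exactly the pattern the "Rowanda1" to "Rowanda2" tip warns about; a real deployment would also keep a history of previous password hashes rather than the plaintext of the old password.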
I believe that most of the above applies to individuals as well. In fact, tip number 10 is already a reality for the average consumer like you and me. Search Google for “biometric password manager” to see what I mean.
Personally, I have tens of passwords I need to keep track of. Since I avoid writing passwords down and it is impossible for me to remember them all, I rely primarily on my password manager software and sometimes on my memory when I am faced with “Please enter your user name and password”. Maybe I should try this new APC Biometric Password Manager, or something similar.
Filed in Security on 16 May 06 | Tags: password