Top ten tips for better password management

There is an article on Silicon.com about how companies can manage their passwords. The author offers the following tips for fostering a culture of secure and more effective password management:

1. Passwords must not be written down.
2. Passwords must be set. When the password is “ChangeMe”, then change it.
3. Require as few passwords as possible. Balance how much password protection you need with how many passwords can reasonably be managed.
4. Staff must change their passwords regularly. This limits the likelihood of old passwords, shared between colleagues in less-secure times, coming back to haunt you.
5. Make new passwords new. Old password = “Rowanda1″. New password = “Rowanda2″. Not good.
6. Avoid obvious words. Passwords must be more complex than a single word which can be hacked with a dictionary attack.
7. Think long – but not too long. A password which consists of at least eight characters with a mix of upper case, lower case and numbers is a good start.
8. Automate password changes. The process of making staff reset and choose secure passwords must also be automated.
9. Educate staff. Ensure password policy is written into employment contracts and that all staff understand why and what that entails.
10. Look at long-term solutions which will eventually replace passwords – such as biometrics.

I believe that most of the above applies to individuals as well. In fact, tip number 10 is already a reality for the average consumer like you and me. Search Google for “biometric password manager” to see what I mean.

Personally, I have tens of passwords I need to keep track of. Since I avoid writing passwords down and it is impossible for me to remember them all, I rely primarily on my password manager software and sometimes on my memory when I am faced with “Please enter your user name and password”. Maybe I should try this new APC Biometric Password Manager, or something similar.