Password Best Practices ~ Vinay's Blog

Mar 31, 2010

Password Best Practices

Password – Usage and Awareness

One of the main Security Breaches is because of using non – complex passwords.
Extreme care should be taken in choosing your password. If your password is not hard to guess, then someone may be able to access or steal your data. To protect your data and yourself to some extent, you must select good passwords and secure them carefully.
Users are solely responsible for protection of the systems they use. As a security measure, computer and network passwords should be changed regularly.
Using different passwords for different systems is a best practice so that the same password won’t automatically allow access to other systems.
Hackers have some utilities that can crack any password which are found in a dictionary.
The use of good passwords acts as a prevention against password guessing and also cracking attacks, and can make “brute force” attacks to become difficult to crack

Make sure that your password is at least 8 characters.

Use password with mixed-combination (Alphanumeric). Do not just capitalize the first letter, or end with a number. The more complex a password, the longer it will take to crack.
Use a password that can be typed quickly, without seeing the keyboard. This will avoid other to look at the password when we type .This is known as “shoulder surfing.”
Change passwords regularly. It is advised to change the password at least once in a month
Try one of the following methods for password
selection:
Option 1: Select two words divided by a number or punctuation, like “Pl@nt&ati@n” or “l|0n&king”
Option 2: This is the correct option for creating a difficult password without having to remember it. By choosing a portion of the keyboard to select the password. Select on a pattern for the password.
For example, take the upper-left portion (which includes numeric)of the keyboard and select two lines using 1qa2ws

STOP using the word “password” as your password, in any form (reversed, capitalized, or doubled). This might sound very simple but in live, users are doing this as a practice
Using names of people or places as a password which is easy to hack.
Using keys in the order like “ASDFGH”, or “1234” etc
Using passwords as words with vowels deleted,
(Example: airplane -> rpln, or Super -> spr.
Using information easily obtained about you. This may include your first, middle or last name. These passwords are very easily guessed by someone who knows you.
Writing passwords in the places which can be viewed by others or in your work cabin. This is one of the most frequent ways where an unauthorized person gains access.
Using the passwords that you have already used
Sharing the passwords except during emergency circumstances. Make sure that password has been changed immediately after sharing.

Bad Passwords Description
password	Two dictionary words together
12345678	Repeating sequence.
abcdefg	Repeating sequence.
hello	Less than 8 characters, and based on a dictionary word with common letter/number substitutions.
test1234	Very common test or default password.
admin	Very common default password.
gandalf1	Based on the name of a popular character.
john	Based on the user’s name, too short, no upper case or punctuation.
ydnic	Still a proper name (even though it’s backwards), too short, no upper case, numbers, or punctuation.
Pepsi2	Product name with numbers at the end.

Good Passwords
T*x4^B9n	8 characters, uses numbers, punctuation, and upper and lower case letters.
g@F”Pl4Ce	Two words, separated by punctuation, using upper and lower case letters, and numeric substitution.
X0sf0V@ca8	Two nonsense words, upper and lowercase letters, and punctuation.
5tg^YH%TG	Simple pattern that doesn’t require memorization. Not based on a dictionary work, uses upper and lower case letters, and punctuation.
*RUF8ruf	Another pattern with appropriate characters.