Thursday, July 28, 2011

What's in a Password?

So what's the big deal if my password is 1234???

Well that depends on what the password is protecting.

Passwords are like keys and locks. A weak password is like a skeleton key.

If you're only locking the hallway closet, a skeleton key (or a password of 1234) is probably fine. But if you're protecting your home's front door, your office door, your gun safe, etc., then I bet you would NOT use a skeleton key.

Likewise, when you are protecting your bank account, company computer, important emails, etc., a password of 1234, 1111 or similar is just the same as a skeleton key. It's no good. It may stop a passerby from gaining access, but it's worthless against anyone with any real desire to enter.

"But I don't have sensitive or important data, I don't care if others have access..."

Wrong. If you think this way, perhaps I can help readjust your perception. You may not care (but I'm sure you do) if anyone in the world can 'see' your company information, personal and business documents and emails. But I bet you would care very much if you lost all that. By having a weak password, you ARE GIVING AWAY ACCESS.

Basically allowing anyone to:

  • Tamper with
  • Destroy
  • Steal
  • Impersonate
  • Compromise your identity

You are also letting others take control of your computer, possibly even your server and thus your company.

Weak passwords can allow spammers to hijack your computer and use it as a relay to mass spam others. This can cause others to block your legit emails, spread viruses to those in your contact list, and cause your ISP to lock your Internet altogether.

Although this applies to anyone in the world, remember 70% of my clients are local Fresno/Madera people. Everything I've mentioned in this post, I have been eyewitness to.

What your pass should not be:
  1. Any part of your name, address, phone number
  2. An actual word

Examples of BAD passwords:
  • 1111
  • 1234
  • admin
  • user

Examples of WEAK passwords:
  • nathan1234
  • dogcat55

Examples of GOOD passwords:
  • 83cyq92Ap
  • 9588rySq3

Example of a STRONG password:
  • gx.T37sq+2cq

What Password for What Purpose:

Bad    | Not good for anything | Can be guessed by my 4 year old son.
Weak   | OK for home PC login, or non-important protection | Will keep out the passerby.
Good   | Good for Company, Personal or Confidential logins | Will keep out most people.
Strong | Good for Servers and Financial logins | Would take some strong hacking.

As much as I hate passwords, I hope this has prompted you to rethink your password.

What your pass should be:
  1. Alphanumeric (contain at least 1 letter and at least 1 number)
  2. Have upper and lower case
  3. 8 characters or more
I suggest creating abbreviations or acronyms that only you would know, mix it with some #'s, make something upper case, and usually you end up with a pretty good password.
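
The "should not be" and "should be" rules from this post can be checked mechanically. The script below is an added example, not part of the original post: the sample word list, the owner details, and the mapping of rule violations onto the Bad/Weak/Good/Strong tiers (including the 12-character, symbol-bearing threshold for Strong) are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption); a real check would load a full dictionary.
SAMPLE_WORDS = {"admin", "user", "password", "dog", "cat", "house"}

def violations(password, personal_info=(), words=SAMPLE_WORDS):
    """Return the rules from this post that the password breaks."""
    found = []
    lowered = password.lower()
    if len(password) < 8:
        found.append("shorter than 8 characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        found.append("not alphanumeric (needs a letter and a number)")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        found.append("needs both upper and lower case")
    # Name, address and phone fragments of 3+ characters count as personal info.
    for item in personal_info:
        for token in re.findall(r"[a-z0-9]{3,}", item.lower()):
            if token in lowered:
                found.append("contains personal info: " + token)
    for word in sorted(words):
        if word in lowered:
            found.append("contains an actual word: " + word)
    return found

def rate(password, personal_info=()):
    """Map violations onto the post's four tiers (the mapping is an assumption)."""
    broken = violations(password, personal_info)
    if len(password) < 8:
        return "BAD"
    if broken:
        return "WEAK"
    has_symbol = re.search(r"[^A-Za-z0-9]", password) is not None
    if has_symbol and len(password) >= 12:
        return "STRONG"
    return "GOOD"

if __name__ == "__main__":
    owner = ["Nathan", "123 Example Street", "555-0100"]  # constructed sample data
    for pw in ["1234", "admin", "nathan1234", "dogcat55", "83cyq92Ap", "gx.T37sq+2cq"]:
        print(f"{pw:14} {rate(pw, owner):7} {violations(pw, owner)}")
```

Run against the example passwords in this post, it places each one in the same tier the post does.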

Happy Clicking!

Nathan DeSutter
IT Consultant
