I have recently implemented a stricter password policy at the Alumnae Association. It requires staff to use longer, more complex passwords that must be changed on a regular rotation, and staff will not be able to reuse the same one. You may consider password policies inconvenient and a hassle, but without them you could experience even bigger hassles, such as:

  • Loss of data, either by it being deleted, corrupted or stolen.
  • Personal information being stolen: passwords, credit card numbers, bank accounts, addresses, etc.
  • Your computer can be used as a "zombie", meaning that it could be used without your knowledge to deliver spam, commit click fraud, host phishing web sites, deliver denial of service attacks, host pornography, etc. Learn more at Wikipedia.

Passwords can be the weakest link in a computer security scheme. Strong, hard-to-guess passwords are important because the tools and computers that people use to guess passwords continue to improve. Network passwords that once took weeks to guess can now be guessed in hours.

Password-guessing software uses one of three approaches: intelligent guessing, dictionary attacks, and automation that tries every possible combination of characters. Given enough time, the automated method can guess any password. However, it can still take months to guess a strong password.

To help keep your computer more secure, you should use a strong password. While this is a good practice in general for all of your computer accounts, it is especially important for your network logon and for the Administrator account on your computer.

For a password to be strong, it should:

  • Be at least seven characters long. Because of the way passwords are encrypted, the most secure passwords are seven or 14 characters long.
  • Contain characters from each of the following three groups:
    • Letters (uppercase and lowercase) A, B, C... (and a, b, c...)
    • Numerals 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
    • Symbols (all characters not defined as letters or numerals) ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /
  • Have at least one symbol character in the second through sixth positions.
  • Be significantly different from prior passwords.
  • Not contain your name or user name.
  • Not be a common word or name.

An example of a strong password is: J*p2leO4>F
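
The rules above can be checked mechanically. The following is an added example, not part of the original post or of any policy tool it mentions. The function name, the tiny common-word list, and the 60% similarity threshold used for "significantly different" are assumptions made for illustration.

```python
import string
from difflib import SequenceMatcher

# Constructed sample list; a real deployment would load a large dictionary.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "monkey"}
SYMBOLS = set(string.punctuation)  # the ASCII symbols the post lists

def check_password(password, username="", full_name="", prior=()):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    lower = password.lower()
    if len(password) < 7:
        problems.append("shorter than seven characters")
    # One check per character group: letters, numerals, symbols.
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numerals")
    if not any(c in SYMBOLS for c in password):
        problems.append("no symbols")
    # Positions two through six are string indexes 1..5.
    if not any(c in SYMBOLS for c in password[1:6]):
        problems.append("no symbol in positions two through six")
    # Reject the user name or any part of the full name, ignoring case.
    for name in [username, *full_name.split()]:
        if name and name.lower() in lower:
            problems.append("contains your name or user name")
            break
    if lower in COMMON_WORDS:
        problems.append("is a common word or name")
    # Assumption: "significantly different" means under 60% similarity.
    for old in prior:
        if SequenceMatcher(None, lower, old.lower()).ratio() >= 0.6:
            problems.append("too similar to a prior password")
            break
    return problems

if __name__ == "__main__":
    for candidate in ["J*p2leO4>F", "password", "Abc123!"]:
        print(candidate, "->", check_password(candidate) or "OK")
```
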

Protect your password:
  • If passwords must be written down on a piece of paper, store the paper in a secure place and destroy it when it is no longer needed.
  • Never share passwords with anyone.
  • Use different passwords for all user accounts.
  • Change passwords immediately if they may have been compromised.
  • Be careful about where passwords are saved on computers. Some dialog boxes, such as those for remote access and other telephone connections, present an option to save or remember a password. Selecting this option poses a potential security threat.

Do you need some help coming up with a strong password? Then check out Goodpassword.com. They have two options: a totally random password or a leet password. Leet passwords are easy-to-remember acronym passwords generated by combining the first letter of each word, randomly changing the case, and replacing alphanumeric characters with their Leet (1337) equivalents, that is, characters that look and/or sound the same.

To see how strong your password is, visit Securitystats.com and enter it. It will be graded on a scale, with explanations of what you need to improve if your password is lacking.

Passwordbuilder.com provides you with some optional memory aids.

Ideally you should have multiple passwords that you can change often, but that can be difficult to keep track of. Check out PasswordVaulttoGo. There are versions for Windows, Linux and Macs. It fits on a USB key and can generate, store and manage your passwords. It features very (almost insanely) strong 896-bit encryption. There is a free version that supports up to 15 accounts.

Remember not to take your passwords for granted!