The Best Security Tip Ever: What's the Password?

Updated: April 30, 2009

What's in a password? A lot, because it's the first, cheapest, easiest-to-implement and potentially most powerful tool in your business's security arsenal. But, like any tool, it takes knowledge and practice to be able to use passwords skillfully and effectively. Here's how you can help your employees create passwords that are both usable and secure.

Always change a pre-supplied password. Many products come with placeholder passwords such as "administrator" or "password." Using these stock terms as passwords is about as effective as using no password at all.

Make the password long enough. A password should be at least eight characters long — the longer the better.

Don't use ordinary names or words. Names and words, whether in English or any other language, can be quickly identified through the use of programs that scan through dictionaries at high speed and guess at passwords.

Use passwords that include numerals, punctuation, and upper- and lowercase text. Anything that makes your password more difficult for enemies to guess is a good thing.

Use mnemonics. Create a sentence you can easily remember, such as "My two daughters' names: Katie and Sandy." Now take the first letters of each word in the sentence, turn any numbers into numerals, retain the capitalization and include the punctuation. The easy-to-remember yet highly secure result: "M2dn:KaS."
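The rules above, from replacing stock passwords through the mnemonic, as an added Python example that is not part of the original article: `mnemonic` applies the first-letter procedure and `check` lists which of the rules a candidate breaks. The word list and number-word map are small constructed samples, and treating a word with digits or punctuation tacked on as still being a word is an assumption that goes slightly beyond the text.

```python
import re
import string

STOCK_PASSWORDS = {"administrator", "password"}   # the two named in the article
# Constructed samples (assumptions): a real check would load a full dictionary.
SAMPLE_WORDS = {"katie", "sandy", "daughters", "welcome", "dragon"}
NUMBER_WORDS = {"one": "1", "two": "2", "three": "3", "four": "4", "five": "5",
                "six": "6", "seven": "7", "eight": "8", "nine": "9", "ten": "10"}
# Apostrophes belong to the word ("daughters'"), so they are not kept as punctuation.
PUNCT = string.punctuation.replace("'", "")


def mnemonic(sentence):
    """First character of each word, number words as numerals,
    capitalization and trailing punctuation retained."""
    out = []
    for token in sentence.split():
        core = token.rstrip(PUNCT)
        trail = token[len(core):]
        core = core.lstrip(PUNCT)
        if not core:                      # token was punctuation only
            out.append(trail)
            continue
        numeral = NUMBER_WORDS.get(core.lower())
        head = numeral or (core if core.isdigit() else core[0])
        out.append(head + trail)
    return "".join(out)


def check(password):
    """Return the rules from the article that this password breaks."""
    problems = []
    lowered = password.lower()
    if lowered in STOCK_PASSWORDS:
        problems.append("stock password")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # Drop digits and punctuation so "Dragon2009!" is still caught as a word.
    if re.sub(r"[^a-z]", "", lowered) in SAMPLE_WORDS | STOCK_PASSWORDS:
        problems.append("ordinary name or word")
    has_all = (any(c.islower() for c in password)
               and any(c.isupper() for c in password)
               and any(c.isdigit() for c in password)
               and any(c in string.punctuation for c in password))
    if not has_all:
        problems.append("missing a character class")
    return problems


if __name__ == "__main__":
    candidate = mnemonic("My two daughters' names: Katie and Sandy.")
    print(candidate, check(candidate))
    for pw in ("password", "Dragon2009!", "Katie"):
        print(pw, check(pw))
```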

Avoid writing down the password. If you don't trust your memory, write down a hint, such as "names of daughters."

Use encryption. If a password must be written down, it should be placed in an encrypted file that isn't named something like "passwords" or "security codes." A password manager is the best approach. Vendors such as Citrix Systems Inc. and WhiteCanyon Inc. offer password managers that are both secure and easy to use.

Never loan or share a password. A password is like a toothbrush, so never loan out a password to a friend or colleague. Instead, try to help the person obtain his or her own account or limited-time guest privileges.

Use different passwords for multiple accounts. A single password is easy to remember. On the other hand, if that password is ever lost or stolen, it means exposing multiple systems to a thief or a snoop.

Don't use the same passwords for home and work. Mixing personal and business passwords is never a good idea, particularly because home accounts may be used by multiple individuals (such as a spouse or children) who aren't employees and may not be as careful with password data.

Change passwords frequently. Like bread, passwords go stale. Changing a password every few weeks ensures that even if your password is stolen by a careful thief or snoop who manages to access your account without leaving a trace, it won't be operational for very long.
