A series on password policies
Have you seen the password joke that’s gone viral? It’s a computer prompt saying, “Sorry, but your password must contain an uppercase letter, haiku, gang sign and hieroglyph.”
It wouldn’t be so funny if it wasn’t so true. It can seem like passwords are taken entirely too seriously. Which makes complexity requirements seem like more trouble than they’re worth. That’s why many of us just swap a few letters with numbers and move on to more important things.
But here’s where the joke is on us. Cyber criminals know that most of us don’t take our passwords seriously. They know we don’t want the hassle of making them complex. And they’ve figured out that most of us are swapping out the same numbers and letters in our complacency.
Don’t believe me? Let me know if you follow any of these patterns:
- Replacing the A’s with @ signs
- Swapping all of the O’s with zeros
- Taking out each S and using $ instead
- Capitalizing the first letter
- Adding numbers to the end
Don’t get me wrong – special characters are a great way to add complexity to your password. But they don’t work as well when we’re following the same patterns as everyone else. A predictable password doesn’t stand a chance against the database of known passwords that is being compiled by criminals.
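Because the patterns listed above are mechanical, a policy check can undo them just as mechanically. The following Python sketch is an added example, not part of the original article: it reverses those swaps and compares the result with a small constructed word list. The function names and the word list are assumptions.

```python
# Constructed sample of weak base words; a real check would load a
# breached-password list instead (assumption, not from the article).
KNOWN_WEAK = {"password", "sunshine", "welcome", "dragon", "soccer", "hello"}

# The swaps listed above, reversed: @ -> a, 0 -> o, $ -> s.
UNDO_SWAPS = str.maketrans({"@": "a", "0": "o", "$": "s"})
DIGITS = "0123456789"


def base_forms(candidate: str) -> set:
    """Return every word the candidate reduces to once the patterns are undone."""
    lowered = candidate.lower()  # undoes "capitalizing the first letter"
    trailing = len(lowered) - len(lowered.rstrip(DIGITS))
    forms = set()
    # Undo "adding numbers to the end" by trimming 0..n trailing digits.
    # Trying every cut keeps a final 0 that stands for the letter o,
    # as in "Hell01" -> "hell0" -> "hello".
    for cut in range(trailing + 1):
        trimmed = lowered[: len(lowered) - cut]
        forms.add(trimmed.translate(UNDO_SWAPS))
    return forms


def is_predictable(candidate: str) -> bool:
    """True when the candidate is a known weak word dressed up with the patterns."""
    return not base_forms(candidate).isdisjoint(KNOWN_WEAK)


if __name__ == "__main__":
    # Constructed sample inputs, plus the passphrase example from this article.
    for sample in ["P@$$w0rd123", "Sunshine1", "Hell01", "Titvi2017.Iap!"]:
        verdict = "reject (predictable)" if is_predictable(sample) else "not on the list"
        print(f"{sample}: {verdict}")
```

A password that passes this check is only absent from the sample list; it still has to meet the length and character rules of the policy.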
So what can you do to make sure your password is unpredictably complex? Follow these three simple steps.
Assess the complexity of your password.
Get a free access rights assessment by a credible cyber security company. They’ll check the configurations for password complexity and the rest of your password policies. Then they’ll check everything else that could undermine the security of your organization.
Make your password more complex.
Implement a cyber security plan that protects your data and ensures your password policies are enforced. This means changing policy configurations to follow best practices. When it comes to complexity, expect upper and lower case letters, special characters, and a minimum length. These make your password far more difficult to crack.
But also expect to use a passphrase rather than a password. This is a tip we mentioned in a previous post, “The password mistake you’re still making.” A passphrase allows you to string together the first letters of a long phrase. For example, you could turn this: “Ted is the valedictorian in 2017. I am proud!” into this: “Titvi2017.Iap!” A passphrase is both memorable and unpredictable.
Monitor the complexity of your passwords.
Continually monitor your configurations so that your passwords remain complex. Make sure that they’re effective; make sure they’re enforced; and make sure to keep up with best practices. Your corporate data depends on it!
Umesh Verma is the award-winning CEO and driving force behind Blue Lance, the global provider of cybersecurity governance solutions. For more than 25 years, Blue Lance’s automated software solutions have been protecting digitally managed corporate assets by assessing, remediating, and monitoring security of information systems. Call Blue Lance at 1-800-856-2586 for your 25-point Access Rights Assessment, or get social with us on LinkedIn, Facebook, or Twitter.