Passwords

Strong Passwords

The stronger your password, the more difficult it will be for a hacker or other criminal to figure out. Below you will find some tips for ensuring that you have a strong password.

When creating a password, try to be creative. The more obscure the password, the more difficult it will be to hack. Never use passwords that include birthdays, phone numbers, or anything pertaining to your life. The most common passwords are pet's names, addresses, and parts of your Social Security number. They can be guessed.

Never tell anyone else your password. If your computer is in a public place, or a place where it can be seen by people other than you, never write your password down near it.

There are hacking programs that try to determine another person's password by periodically trying all the words in the dictionary between a range, say 4 and 12 letters.

Some hacker programs will try to determine a password by trying successively aaaa, aaab, aaac,...up to zzz9, and then go on to five letters, then six, and so on. The longer your password is, the more time it will take a person to find it. Think about it—using only numbers and letters, there are more than two billion possible six-letter passwords.

It is a good idea to use a different password for secure environments than the one you use for those that are less secure. This way if an attacker manages to find out what your "home" password is, they will not be able to follow you to work and use that information against you.

Don't be lazy. Type your login and password every time you need to use it. Do not let your computer auto-fill your login or save your passwords. If your password fills in automatically, malicious individuals could have easy access to all your information.

If you are the system administrator for a business, have your procedures state that employees must periodically change their passwords; every three months is a common frequency. That way, even if a hacker does get their password, it will be valid for only a short time. Insist that they avoid changing their password from enterprise1 to enterprise2 or enterprise3, etc.

The CERT^® Coordination Center has more information about using strong passwords.

Password Protected Screen Savers

Having a password-protected screensaver can reduce the chance that others are able to access your data. These can be set up so that they activate after the computer has been idle for a specified amount of time (5 minutes, 10 minutes, etc).

Leaving your computer available to unauthorized coworkers or family members can jeopardize the integrity of your system and the security of your network. Also, this could allow children to access the computer at times that you deem inappropriate. With this in mind, you should be cautious regarding who you allow to access your machine.

You should note however, that someone could easily bypass the password protection on some operating systems and third party screensavers with special software that exploits the "auto run" feature that most users have enabled. This bypass can be avoided by turning off the auto run feature on your CD-ROM if you are using Windows 95, 98, or ME or if you are using a third party screen saver on any operating system.

More information can be found at Microsoft's website regarding disabling auto run in Windows 95, 98, and ME.

Learn how to password protect your screensaver in:

Windows XP
Windows Vista
Windows 7
Mac OS X