It never ceases to amaze me what some people will come up with when you ask them to change their password. I see people naturally wanting to use their name, their cats name or their 4 digit bank account PIN number (and I'm certain this isn't you). It is equally disturbing when I see service providers (which I will leave unnamed, <coughing>, Digital Max) give out a common password and not require that you change it on first logon. I can surely understand this phenomenon as It seems like everything requires a password with the complexity requirements, frustratingly different between applications. People's inclination naturally is to come up with something easily remembered. This is any security-conscious admin's nightmare as you can have the sweetest "statefull" firewall, the best IDS/IPS, and the most current anti-mailware software but if someone can guess your password, its all pretty-well worthless.
You might ask "who would want to attack me?", but the reality is that there are programs built to simply guess passwords billions of times over and they are scanning any "Internet facing" system for login prompts. Hundreds of times a week your systems are being poked and prodded for different services and applications. You can be sure that if your password is dictionary based, it wont take long for an account to become compromised.
I challenge you to check your password: www.PasswordMeter.com. This site essentially grades you on components of your password. A good password should contain both upper and lower case letters, numbers and some kind of symbol(s) (e.g. %&#@!./)
Another tool that I find useful is KeePass. This totally free application will store all of your passwords in one location. I find this especially useful for passwords I don't use that often. I have used this program for years and maintain a list that would rival most. It keeps a database containing your passwords and when you are not using the application, your passwords are safely encrypted and only decrypted when you need them based on a Pass Phrase.
Posts
