Network Security: Password Creation and Use
One of the most important aspects of network security is the use and creation of passwords. Passwords should be considered top secret. Your network password is the one thing that keeps an impostor from logging on to the network by using your username and therefore receiving the same access rights that you ordinarily have. Guard your password with your life.
Here are some tips for creating good passwords:
Don’t use obvious passwords, such as your last name, your kid’s name, or your dog’s name.
Don’t pick passwords based on your hobbies, either. A friend of mine is into boating, and his password is the name of his boat. Anyone who knows him can guess his password after a few tries. Five lashes for naming your password after your boat.
Store your password in your head — not on paper. Especially bad: Writing down your password on a sticky note and sticking it on your computer’s monitor. Ten lashes for that. (If you must write down your password, write it on digestible paper that you can swallow after you’ve memorized the password.)
Most network operating systems enable you to set an expiration time for passwords. For example, you can specify that passwords expire after 30 days. When a user’s password expires, the user must change it. Your users may consider this process a hassle, but it helps to limit the risk of someone swiping a password and then trying to break into your computer system later.
You can also configure user accounts so that when they change passwords, they can’t specify a password that they’ve used recently. For example, you can specify that the new password can’t be identical to any of the user’s past three passwords.
You can also configure security policies so that passwords must include a mixture of uppercase letters, lowercase letters, numerals, and special symbols. Thus, passwords like DIMWIT or DUFUS are out. Passwords like 87dIM@wit or duF39&US are in.
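The three account policies described above (30-day expiration, no reuse of the past three passwords, and a mix of character classes) can be sketched in code. This is an added example, not part of the original article; the function names and the PBKDF2 work factor are assumptions, and the history holds salted hashes rather than the passwords themselves.

```python
import hashlib
import hmac
import os
import string
from datetime import timedelta

MAX_AGE = timedelta(days=30)  # "expire after 30 days"
HISTORY_DEPTH = 3             # "past three passwords"
PBKDF2_ROUNDS = 100_000       # assumed work factor, not from the article


def hash_password(password, salt=None):
    """Return (salt, digest); the history keeps these, never plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def complexity_failures(password):
    """Name each required character class the password lacks."""
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "numeral": string.digits,
        "special symbol": string.punctuation,
    }
    return [name for name, chars in classes.items()
            if not any(c in chars for c in password)]


def in_history(password, history):
    """Re-hash the candidate with each stored salt and compare digests."""
    return any(hmac.compare_digest(hash_password(password, salt)[1], digest)
               for salt, digest in history[-HISTORY_DEPTH:])


def is_expired(last_changed, now):
    """True once the password is older than MAX_AGE."""
    return now - last_changed > MAX_AGE


def change_password(new_password, history):
    """Apply complexity and history rules; return (ok, reasons, history)."""
    reasons = [f"missing {m}" for m in complexity_failures(new_password)]
    if in_history(new_password, history):
        reasons.append("matches a recent password")
    if reasons:
        return False, reasons, history
    return True, [], (history + [hash_password(new_password)])[-HISTORY_DEPTH:]
```

Because each stored entry has its own salt, the reuse check has to re-hash the candidate once per history entry; comparing digests directly would never match.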
A new trend is the use of devices that read fingerprints as a way to keep passwords. These devices store your passwords in a secret encoded file, then supply them to the requestor — after the device has read your fingerprint. Fingerprint readers used to be exotic and expensive, but you can now add a fingerprint reader to a computer for as little as $50.