Proper Password Security Will Protect Your Business

Your IT Security Is Defunct If Passwords Are Easy To Hack

Password security is one of the most effective IT security measures, yet ironically this simple measure is often underplayed. The reason is simple: hard passwords are difficult to remember. Most people who log into their systems on a daily basis don’t want to refer to a codebook in order to access their data every time they log in. But even keeping a password in a codebook can be a very unwise idea, as all a hacker needs is to access said book. In an arena of high corporate profit, it is not to be ruled out that some corporate espionage tactic employing a deep-cover janitor may eventually compromise your business.

What Does An Ideal Password Look Like?

The ideal password looks like this: it is eight characters or more, employs a capital letter, a number (or numbers), and a symbol. But don’t go with the easiest thing you can think of — hackers are just as smart as you! “Password123!” is going to be hacked quicker than you can say … well, anything — that particular combination of letters, numbers, and symbols is kind of a go-to password for many, and so a go-to for hackers trying to break into your system. People aren’t as individualistic as you may suppose. There are several thousand combinations like that which are regularly used in most places, and hackers who are savvy will go through these regular passwords one-by-one before even throwing any software at the problem.

The Hacking Value of Brute Force

That being said, when it comes to what’s called a “brute force attack”, there are countless software options easily found online that allow hackers to try tens of millions of possible password combinations every second. Software of this caliber can guess any five-character password in under three hours. If you’re only using lowercase letters, this just takes a matter of seconds. Without cogent password security, you may as well not have any IT security at all.

Solutions Hiding In Books

If you want a really hard to crack password, use a phrase and insert letters and numbers into it. A Bible verse is ideal; “Vengeance is mine, saith the Lord,” can be augmented to “Vengeance is mine$$, saith the Lord!” Then you can remind yourself by the verse itself, so you can write down your password without it being found even if the janitor is on the take. That particular verse is Romans 12:19; so you could notate it as: R1219 — though given its reference in this article, you may want to go with something a little more obscure. Grab a genealogy out of Genesis and your account may become nigh-impenetrable!

G59 could remind you of this obscure verse: “And Enos lived 90 years, and begat Cainan#”. Letters, symbols, spaces, commas, and capital letters are all easy to remember, and notated by what appears to be a coordinate of some variety. Isn’t that much easier than: “J38!ddieoi##890”, or some crazy combination like that?

Some Good Practices to Consider

To review, the hallmarks of a good password include:

• A length of eight characters or more
• Numbers, letters, and symbols included
• A non-common password that can’t be guessed
• Something memorable enough it isn’t hard to recall
• Something that can be notated without direct reference
• A password protocol that can be regularly changed without difficulty
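The checklist above and the brute-force figures quoted earlier can be expressed as a small audit routine. This is an added example, not part of the original article: the function names, the five-entry deny-list (constructed sample data) and the rate of 10 million guesses per second (the low end of the "tens of millions" cited above) are assumptions.

```python
import string

# Constructed sample deny-list; a real deployment would load a breached-password corpus.
COMMON_PASSWORDS = {"password123!", "password1!", "qwerty123!", "welcome1!", "letmein1!"}

# Assumption: low end of the "tens of millions of guesses per second" figure.
GUESSES_PER_SECOND = 10_000_000

# ASCII character classes; characters outside them are not counted.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}


def keyspace(password):
    """Search space when only the length and the character classes used are known."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in password))
    return alphabet ** len(password)


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate in the keyspace at the given rate."""
    return keyspace(password) / rate


def audit(password):
    """Return the checklist items the password fails (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for name in ("uppercase", "digit", "symbol"):
        if not any(c in CLASSES[name] for c in password):
            problems.append(f"no {name}")
    # Composition rules alone let "Password123!" through; the deny-list catches it.
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    return problems
```

Note that "Password123!" satisfies every composition rule and fails only the deny-list check, which is why the non-common requirement belongs in the list alongside length and character classes.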

The thing about password security is that it can be “too good”. Organizations like IBM force password changes on a monthly basis; sometimes weekly. If you’ve got “J38!ddieoi##890” as a password, good luck memorizing it. You’ll have to write it down, and then Janitor Bob can sneak it off to wherever his handlers reside. IT security that’s too hard to manage is as much a hazard as that which is too simple. The proper approach incorporates balance.

Conclusion

In the end, you can either go with the obfuscated random approach where letters and numbers are combined higgledy-piggledy into a conglomeration of characters virtually impossible to remember, or you could use a phrase that’s easy to parse, and comes from a book with many such phrases available for use. What’s integral is that you put some considered thought into it.


Mark McGarvey

Mark McGarvey is president of One Click Solutions Group, a managed services and security provider in San Francisco serving small and mid-sized businesses with 20 to 100 employees in the Bay Area. Mark began his career in MSP consulting in the 90s, before living in San Francisco, as a senior support technician for a then-small company in Austin, TX called Dell. After working for a number of organizations in desktop support/management and systems administration, Mark realized a passion for two things: ensuring computer systems ran smoothly and keeping the people who used these systems happy and productive. This passion helped him get his IT business started in San Francisco! As a small business owner, Mark empathizes with other business owners who need computer support in San Francisco and understands the things dearest to them: increasing productivity and efficiency and keeping costs low and ROI high.