Page 56 - Using MIS
P. 56

Security Guide







            paSSWordS and paSSWord etIQuette





            Many forms of computer security use passwords        phrase, “I was born at 3:00 AM in Rome, New York.” That
            to control access to systems and data. Most likely, you have   phrase  yields  the  password  Iwba3:00AMiR,NY  which  is  a
            a university account that you access with a username and   strong password that is easily remembered.
            password. When you set up that account, you were prob-  Once you have a strong password you want to avoid
            ably advised to use a “strong password.” That’s good ad-  reusing the same password at every site you visit. Not all
            vice, but what is a strong password? Probably not “sesame,”   sites provide the same level of protection for your data. In
            but what then?                                       fact, sometimes they lose your password to hackers. Then
               Microsoft,  a company  that  has many reasons to pro-  hackers can use those passwords to access other sites that
            mote effective security, provides the following guidelines   you  regularly  use.  Password  variety  is  your  friend.  Never
            for creating a strong password. A strong password should:  use the same password for less important sites (e.g., social
                                                                 networking) that you’d use to access more important sites
            •  Have at least 10 characters; 12 is even better    (e.g., online banking).
            •  Not  contain  your  username,  real  name,  or  company   You also need to protect your password with proper
              name                                               behavior. Never write down your password, do not share
            •  Not contain a complete dictionary word in any language  it with others, and never ask others for their passwords.
            •  Be different from previous passwords you have used  Occasionally an attacker will pretend to be an administrator
            •  Contain  both  upper-  and  lowercase  letters,
              numbers, and special characters (such as ~ ! @;
              # $ % ^ &; * ( ) _+; - =; { } | [ ] \ : “ ; ‘ <; >;? , ./)

            Examples of good passwords are:
            •  Qw37^T1bb?at
            •  3B47qq<3>5!7b
            The problem with such passwords is that they are
            nearly impossible to remember. And the last thing
            you want to do is write your password on a piece
            of paper and keep it near the device where you
            use it. Never do that!
               One technique for creating memorable,
            strong passwords is to base them on the first let-
            ter of the words in a phrase. The phrase could
            be the title of a song or the first line of a poem or
            one based on some fact about your life. For ex-
            ample, you might take the phrase, “I was born in
            Rome, New York, before 2000.” Using the first let-
            ters from that phrase and substituting the charac-
            ter < for the word before, you create the password
            IwbiR,NY<2000.  That’s  an  acceptable  password,
            but it would be better if all of the numbers were
            not placed on the end. So, you might try the
                                                                                                 Source: iQoncept/Fotolia
        24
   51   52   53   54   55   56   57   58   59   60   61