Saturday 31 December 2011

Password Best Practices

Passwords should be at least eight characters long
A password of length 5 can be guessed by password-cracking software in 30 seconds if it is a dictionary word.
Passwords should be changed regularly
If a password is left unchanged for a long time, a hacker gets more time to guess it.
Different passwords should be used for different applications
Otherwise, if one password is compromised, then all passwords can be guessed.
Don’t share passwords
The human is the weakest link in the security chain. If fraudulent activity is performed, the password owner shall be held responsible.
Make sure no one is watching you while you are entering your passwords/PIN.
Shoulder surfing is dangerous. This way the attacker needs neither to social-engineer you nor to apply any tool.
Do not use the "Remember Password" feature of applications/browsers (e.g., MS Outlook, Internet Explorer, Google Chrome, Webmail etc.).
This point is especially valid when a public or different computer is used, since it will pick up the last remembered profile along with the password.
Never write passwords down; try to memorize them.
Passwords written in plain text (electronic/non-electronic) can be easily retrieved or misplaced.
Use complex passwords with a mixture of upper and lowercase letters, numbers and/or symbols.
The password must not be a dictionary, language, slang, dialect or jargon word.
The more complex the password, the harder it usually is to guess, even if the attacker knows some personal information about the victim.
