Good Password Practices

Use different passwords for your computer and online services. And it is good to segment your online service passwords, or keep them altogether different.  I have seen a number of systems for doing this; some bad, some mediocre, and some extremely sophisticated.  My favorite involves a root password that varies depending on the year, and whether the online account is email, social media, banking, low security, etc.

It is good practice to change passwords on a regular basis and to avoid simple passwords; especially those that are easily guessed. It’s debatable whether enforced, frequent changes of complicated passwords are always constructive (making you trade a security vulnerability for a social engineering vulnerability if you have a tendency to write your passwords down and hide them under the keyboard).

If a criminal guesses or cracks one of your passwords, using different passwords for other services and for your system passwords considerably limits the damage that he or she can do. If, on the other hand, you use the same password for all of your accounts, you run the risk that one lucky guess will give the criminal the keys to the kingdom. One of the reasons that trivial accounts are sometimes phished is that they give a cracker a head start on guessing the password for other, more profitable accounts.

You may find this SANS newsletter on keeping your passwords safe, interesting, and useful: http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201105_en.pdf.

TRA Consulting, Inc.
375 Redondo Avenue #153
Long Beach, CA 90814
info@traconsulting.us
562-225-4222

TRA