5 Must-follow corporate security rules for passwords

By Ennio Gallucci, Digital Media Intern

Passwords are important for maintaining security because a poorly conceived password can destroy a user or a company. Even if the breach is repaired, reputations for the business are often impossible to mend. For example, LinkedIn was a victim of a massive password leak, and lost many of its users because of it.

Here are five tips for creating effective passwords:

1. Don’t think the bare minimum is good enough.

An eight-digit password is usually the status quo for accounts online, and some websites may take the attempt at security a step further by requiring a number, a capital letter, or a special character. To fulfill these criteria, you could create a password like $Rubber89. This password is nine digits, has a capital letter, a special character and two numbers. Although it may seem secure, it is not; password-cracking algorithms easily substitute for capital letters and account for numbers and symbols in obvious places. The base of the password (rubber) is easily found and compromised in dictionary-based attacks.

2. Do strive for complexity.

A better password would use a “random” series of digits, including lower and upper-case letters, numbers, and characters. The eight-digit requirement is a good start, but is also weak; 16 characters is a dramatic improvement. A better password would be %fY0ml*8)jj^`5_Ux>. Passwords like this can be generated randomly (or as randomly as possible) with online password generators for those who are less creative. Unfortunately, with the additional security, the ease of use is sacrificed.

Here are two password generators:



3. Do keep track carefully.

Online password managers are a good solution, especially if multiple passwords are being used. Writing down your passwords on a local machine/account or on a sheet of paper is an equally bad idea, as this can easily be compromised regardless of the quality of your passwords.

Here are two online password managers:



4. Don’t get complacent.

Never use the same password in multiple places. It might be easier to remember the same password for multiple accounts, but doing so will severely comprise your security.

5. Do consider alternatives.

An alternative method, and one that makes remembering passwords easier, is to use pass phrases. Instead of a good password like %fY0ml*8)jj^`5_Ux>, a good pass phrase would be inevitable substitute paint chameleon zephyr. This password is a whopping 44 characters, and is a lot easier to remember. It should be noted that the phrase is “random,” meaning it is not expected that the words would go together. A pass phrase like green leaves are red in autumn is a poor password because the phrase takes a predictable path and can be easily cracked.

Of course, cracking a password is an involved process, and it is unlikely that someone would target you anyway, but there is still always a risk. In a worst case scenario, you would use the same password for your email, website and social media.

A hacker could then crack one password, and then use this information to take over other accounts. Most accounts are linked, meaning that your email is going to be associated with your social media and work accounts. A hacker can easily link the accounts together and attack multiple accounts at once if only one password is used for everything. With this information, a hacker could lock you out of your email, your social media or website.

The latter could be the most problematic; a hacker could hold your site for ransom and only give you back access if you pay a fee. Paying a ransom, unfortunately, is often a cheaper and easier solution than mitigating the problem on your own. But, by taking the necessary precautions, you can reasonably assure that you won’t be an easy target for exploitation.

Ennio Gallucci is a student at Cleveland State University, where he is working on his degree in computer science. At NCM, he is assisting the digital team with SEO and web development.
Photo credit: perspec_photo88 via Foter.com / CC BY-SA