Saturday, May 23, 2009

Passwords: First Step in Insecurity

It is very hard to come up with a good password, especially if you don't want your site or data accessed. Why do you think that is? The answer is simple: if you take the time and make a truly random password, it is so complicated that most people can't remember it, so they write it down and keep it under their keyboard, on their monitor, or somewhere close to their workstation. This is a BIG NO NO!!! This goes back to the #1 rule of security: if people have physical access to your machine, then no security measure you take will make you secure. So it is very important that you take the right physical security precautions and secure your work area.

But I know from experience that no matter how much I talk about not writing passwords down, you will still do it. If you do write it down, then take some password security precautions and at least keep it secure. My advice is to not use passwords alone. Use what we in the security world call the three forms of authentication: what you have, what you know, and who you are.

What you know covers things like passwords, security questions, and personal information that only you should know. What you have covers things such as flash drives or tokens, PDAs, and mobile devices. Who you are covers biometrics, such as thumbprints, retina scans, and face recognition.

Steps to Secure Passwords
  • More than 8 characters long
  • Mix of letters, numbers, and special symbols ($,%,^,@,&,!,?)
  • Not words in dictionaries
  • Not names or common words

Combine your extra-secure password with something you have, such as a flash drive, and a simple-to-use password manager such as KeePass Password Safe Portable, found at http://portableapps.com/apps/utilities/keepass_portable

With this utility you can set up a list of the websites you are a member of and use one really strong random password to protect the data stored within the program.
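As an added example (not code from the original post and not part of KeePass), here is a small Python checker for the four password rules listed above, plus a generator that produces the kind of strong random password the post suggests as the single master password for a password manager. The dictionary and name lists are constructed for the example; a real checker would load full word lists from disk.

```python
import secrets
import string

# Constructed word lists for the example; a real checker would load a full
# dictionary and a name list from a file.
DICTIONARY_WORDS = {"password", "welcome", "letmein", "qwerty", "monkey", "dragon"}
COMMON_NAMES = {"john", "michael", "jennifer", "robert", "linda"}
SPECIAL_SYMBOLS = "$%^@&!?"  # the symbols listed in the post

# Undo the letter-for-symbol substitutions people use to dress up a dictionary
# word: "p@ssw0rd" still has the word "password" inside it.
LEET_MAP = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i",
                          "3": "e", "4": "a", "5": "s", "7": "t"})


def _letter_core(pw):
    """Lower-case the password, reverse leet substitutions, keep letters only."""
    normalized = pw.lower().translate(LEET_MAP)
    return "".join(c for c in normalized if c.isalpha())


def check_password(pw):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []

    # Rule 1: more than 8 characters long
    if len(pw) <= 8:
        problems.append("must be more than 8 characters")

    # Rule 2: mix of letters, numbers and special symbols
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_special = any(not c.isalnum() for c in pw)
    if not (has_letter and has_digit and has_special):
        problems.append("must mix letters, numbers and special symbols")

    # Rules 3 and 4: not a dictionary word, name or common word, even when
    # disguised with symbol substitutions or padded with digits
    core = _letter_core(pw)
    for label, words in (("dictionary word", DICTIONARY_WORDS),
                         ("name or common word", COMMON_NAMES)):
        for word in sorted(words):
            if len(word) >= 4 and word in core:
                problems.append(f"contains the {label} '{word}'")
                break
    return problems


def generate_password(length=16):
    """Generate a random password that satisfies check_password, using the
    cryptographically secure `secrets` module rather than `random`."""
    alphabet = string.ascii_letters + string.digits + SPECIAL_SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("password", "P@ssw0rd123", "Michael2009!", "Xq7$vL9!pRm2"):
        verdict = check_password(sample) or ["OK"]
        print(f"{sample!r}: {', '.join(verdict)}")
    print("Generated master password:", generate_password())
```

The leet-reversal step is what makes the dictionary rule bite: a password like "P@ssw0rd123" passes the length and character-mix rules but is still flagged, because once the substitutions are undone the word "password" is plainly inside it.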

I look forward to your comments and questions.