Tuesday, March 08, 2016


(LinkedIn image)
A venerable, widespread rule of network security is to force users to change their passwords periodically, say, every 90 days. Research has shown that the cost of this policy exceeds the benefits if a user has a strong password.
“With a strong password, there is little to be gained having to change it every few months,” says password security expert and author of Perfect Passwords Mark Burnett. “Six months to a year will result in a better experience for users and allow for stronger passwords.” Just imagine the sanity gained by going a whole year without a single password-change prompt. Think of the morale boost alone!
Microsoft's criteria for a strong password:
  • Is at least seven characters long.
  • Does not contain your user name, real name, or company name.
  • Does not contain a complete dictionary word.
  • Is significantly different from previous passwords. Passwords that increment (Password1, Password2, Password3 ...) are not strong.
  • Contains characters from each of the following four groups:
    ---Uppercase letters
    ---Lowercase letters
    ---Symbols found on the keyboard (all keyboard characters not defined as letters or numerals)
  • An example of a strong password is J*p2leO4>F.
  • Your humble observer keeps his passwords, handwritten, on ten pages of notepad. Yes, he is aware that various services will keep track of all of one's passwords, but he is fearful of them being hacked, too.
    Only the paranoid survive. --Andy Grove, Intel founder

    No comments: