Microsoft has an online report on creating and managing password security (see below). The suggestions would be funny if password security and cyber-crimes weren’t so serious and destructive to both individuals and businesses. What is also amusing is that Microsoft employees use smartcards to log into their computers and networks. I know because back in 2000 I designed and sold them the combination physical and logical access employee badge with smartcard.
While I agree with their “Key to password strength”, what Microsoft and so many other companies fail to account for is the human element.
The flaws in Microsoft’s strategy:
- Most people will use the same password everywhere so they don’t have to remember multiple ones. Given the tools and methods cyber-thieves use to harvest account data, once one password is exposed, every other account that shares it is exposed as well.
- Microsoft’s suggestion does not take into account spyware, keyloggers and malware (or over-the-shoulder surfers). The mere act of typing a password on a keyboard can be a security risk.
- The suggestion that it is okay to write passwords down is irresponsible at best. If you write passwords down, either on paper or in an electronic device like a smartphone, and you have to refer to that record every time you log into an account, you have revealed to thieves where to look and what to steal.
Sadly, the majority of all identity theft is still perpetrated by someone close by: a colleague, friend or family member. In business, almost every employee will circumvent security for convenience. So the trick is to offer convenience that has security built in.
Here are my tips:
- Invest in a multi-factor, token based password manager.
- Look for a token that secures the data stored in the device and offers many different security “Levels of Assurance”.
- Look for a solution that does not require a huge investment to implement or carry a high cost of ownership.
- Look for a solution that is portable to different computers, works both on- and off-line and is easy for employees to use.
- Finally, use a token that can be combined with other functions like physical access, ID badging, etc. so employees have one device and IT has one to manage.
Microsoft’s Report
Create strong passwords
Strong passwords are important protections to help you have safer online transactions.
Keys to password strength: length and complexity
An ideal password is long and has letters, punctuation, symbols, and numbers.
- Whenever possible, use at least 14 characters or more.
- The greater the variety of characters in your password, the better.
- Use the entire keyboard, not just the letters and characters you use or see most often.
Create a strong password you can remember
There are many ways to create a long, complex password. Here is one way that may make remembering it easier:
Test your password with a password checker
A password checker evaluates your password’s strength automatically. Try Microsoft’s secure password checker.
Protect your passwords from prying eyes
The easiest way to “remember” passwords is to write them down. It is okay to write passwords down, but keep them secure.
Common password pitfalls to avoid
Cyber criminals use sophisticated tools that can rapidly decipher passwords.
Avoid creating passwords using:
- Dictionary words in any language.
- Words spelled backwards, common misspellings, and abbreviations.
- Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
- Personal information. Your name, birthday, driver’s license, passport number, or similar information.
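As an added example (not Microsoft’s checker and not code from the original post), the following Python function applies the report’s pitfall list together with its 14-character and character-variety rules to a candidate password. The word list, keyboard rows and the personal-information hints are constructed stand-ins, not any real product’s data.

```python
import string

# Constructed, tiny stand-in for a real dictionary (a real checker would load a large word list).
WORDLIST = {"password", "letmein", "welcome", "dragon", "monkey", "sunshine", "summer"}
# Constructed keyboard rows used to catch adjacent-key runs such as "qwerty".
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
MIN_LENGTH = 14   # the report's "at least 14 characters"
RUN = 4           # length of a sequence, repeat or keyboard run that counts as a pitfall


def _has_run(pw, step):
    """True if pw contains RUN consecutive chars whose code points each differ by `step` (0 = repeated)."""
    return any(all(ord(pw[i + k + 1]) - ord(pw[i + k]) == step for k in range(RUN - 1))
               for i in range(len(pw) - RUN + 1))


def password_weaknesses(pw, personal=()):
    """Return the list of pitfalls the password triggers; an empty list means none were found.

    `personal` is an iterable of strings the user should not embed (name, birth year, ID numbers).
    """
    problems = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    if sum(any(c in cls for c in pw) for cls in classes) < 3:
        problems.append("too little character variety")
    # Dictionary words, forwards or backwards, once leading/trailing digits and symbols are stripped
    core = low.strip(string.digits + string.punctuation)
    if core in WORDLIST or core[::-1] in WORDLIST:
        problems.append("dictionary word (possibly reversed) with trivial decoration")
    if _has_run(low, 0):
        problems.append("repeated character run")
    if _has_run(low, 1) or _has_run(low, -1):
        problems.append("sequential characters")
    for row in KEYBOARD_ROWS:
        if any(low[i:i + RUN] in row or low[i:i + RUN] in row[::-1]
               for i in range(len(low) - RUN + 1)):
            problems.append("adjacent keyboard keys")
            break
    for item in personal:
        if item and item.lower() in low:
            problems.append("contains personal information: %r" % item)
    return problems


def is_strong(pw, personal=()):
    """Convenience wrapper: True only when no pitfall is triggered."""
    return not password_weaknesses(pw, personal)
```

Such a checker only rejects the obvious patterns the report names; it says nothing about whether the password has been reused elsewhere, which is the reuse problem raised earlier in the post.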