Best practice for IT users

The continuing need for user authentication

For many users, passwords are just a nuisance. As organisations strive to stay abreast of the latest security recommendations, passwords are becoming harder for users to remember. And they keep changing! Sometimes companies meet so much resistance that they can't adopt best practice or users simply won't comply. That potentially makes passwords the weak link in a company's security policy.

In many companies, users have to change their passwords regularly and choose different passwords for different applications. But thinking up new passwords — and above all remembering them — can be quite a burden. Users often see them as a waste of time and don't really understand why they're so important.

Why use passwords?

Cyberattacks are becoming more targeted and more sophisticated. Attackers are more persistent than ever and the number of attacks continues to grow. Organisations therefore need to step up efforts to protect their infrastructure and information systems against data theft, industrial espionage, sabotage and other threats.

Critical information includes all the strategic data in an organisation's possession. It's what gives a company its competitive edge. If any of it is leaked or stolen, the company's reputation is at risk and the consequences in terms of business continuity could be catastrophic. More robust security policies and practices need to be put in place to counter these risks — and that starts by ensuring that any employee who handles critical information always uses a strong password. Strong passwords reduce risks for businesses because they're harder for a criminal to crack using automated password cracking tools.

Why should personal information never be used in a password?

Because lots of personal information is already out there on the web. When you subscribe to an online service, or sign up for a Facebook, LinkedIn or Twitter account, chances are some of your personal information will end up in the public domain — your date of birth, where you live and work, where you went to school, how many children you have, phone numbers, email addresses, and so on. It doesn't take a huge amount of IT expertise to cross-reference all this information and build up quite a detailed picture of an individual. So if you choose a password based on your kid's date of birth, for example, it could be relatively easy for a hacker to discover.

How can I find a secure password that's easy to remember?

The strength of a password usually depends on its complexity, in other words on its length and on the number of different types of characters it contains (capitals, lowercase, numbers, symbols). According to ANSSI, France's IT security agency, a strong password needs to have at least 12 different characters. That may sound like a lot, but there are ways to choose strong passwords that are easy to remember yet difficult to guess. Here are a couple of ideas:

  • Use a well-known phrase instead of a word and write it phonetically

"Takes one to know one!" becomes Tex12knO1!

  • Choose a mnemonic

"How many roads must a man walk down?" becomes Hmrm1mwd?
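As an added example, not part of this page or of ANSSI's guidance, here is a small Python policy check that applies the criteria above (12-character minimum, a mix of the four character classes) and also flags substrings drawn from a constructed personal profile, since the earlier section warns against building passwords from public personal data; the function names and the sample profile are assumptions. Run against the two mnemonic passwords above, it reports that both fall short of the 12-character minimum.

```python
import re
from datetime import date

# Criteria as stated on the page: at least 12 characters (ANSSI) and a mix of
# capitals, lowercase, digits and symbols.
MIN_LENGTH = 12
CLASSES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}

# Constructed sample profile (name, date of birth, home town); in a real
# deployment these would come from the HR system or identity provider.
SAMPLE_PROFILE = ("Alice Martin", date(1985, 7, 14), "Lyon")


def personal_tokens(name, birth, city):
    """Substrings an outsider could read off a public profile."""
    tokens = {part.lower() for part in name.split() + city.split() if len(part) >= 3}
    tokens.update({
        f"{birth.year}",
        f"{birth.day:02d}{birth.month:02d}",
        f"{birth.month:02d}{birth.day:02d}",
        f"{birth.day:02d}{birth.month:02d}{birth.year}",
    })
    return tokens


def check_password(pw, profile=None):
    """Return a list of policy failures; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"too short: {len(pw)} < {MIN_LENGTH}")
    missing = [name for name, rx in CLASSES.items() if not rx.search(pw)]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    if profile:
        hits = sorted(t for t in personal_tokens(*profile) if t in pw.lower())
        if hits:
            problems.append("contains personal information: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    for pw in ["Tex12knO1!", "Hmrm1mwd?", "MartinLyon1985!", "Tex12knO1!Hmrm"]:
        print(pw, "->", check_password(pw, SAMPLE_PROFILE) or "OK")
```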