Guidelines for Username and Password Risk Management

Eric Vanderburg

Hackers often bypass some of the best security technologies by exploiting one of the oldest tricks in the book: your password. Not only will an attacker quickly gain access to whatever you have access to, but audits and security monitoring will show that you, not the attacker, accessed the documents, so you will be the one to account for inappropriate use of company resources or access to data. So what can you do to prevent this?

First, don’t share your password with anyone.  Not your co-workers, secretary, spouse, or even your dog.  Your password should be for your eyes only.  Also, avoid group or departmental accounts that are shared among several people.  Have system administrators create an individual account for each person that accesses a system.  Next, change your password often and follow these guidelines to create a secure password:

  • Use a combination of upper-case and lower-case letters, numbers, and special characters such as ! @ # $ % * ( ) – + = , < > : “ ‘
  • Make your password long enough: between 8 and 20 characters is recommended.
  • To help you remember your password, consider building it as an acronym of a phrase or song.
  • You can also make the entire phrase your password.  I like to choose something funny and weird that would not be easily guessed, like “Yeah, Testing for my star riding license”, which would look like this as a password: “Yeah!Testing4My*RidingLicense”
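
The guidelines above expressed as a check, as an added example that is not from the original article. `check_password` and `phrase_acronym` are hypothetical names, the special-character set uses ASCII forms of the characters listed above, and the substitutions ("for" to 4, "star" to *, comma to !) are the ones visible in the sample password.

```python
import string

# Special characters from the guidelines above (ASCII forms; an assumption).
SPECIALS = set("!@#$%*()-+=,<>:\"'")
MIN_LEN = 8  # lower end of the recommended 8 to 20 range
# The upper end (20) is not enforced here: the article's own
# full-phrase sample password is 29 characters long.

# Word substitutions visible in the article's sample password.
SUBSTITUTIONS = {"for": "4", "star": "*"}


def check_password(password):
    """Return the guidelines a password does not meet (empty list = all met)."""
    findings = []
    if len(password) < MIN_LEN:
        findings.append("shorter than %d characters" % MIN_LEN)
    classes = {
        "upper-case letter": any(c in string.ascii_uppercase for c in password),
        "lower-case letter": any(c in string.ascii_lowercase for c in password),
        "number": any(c in string.digits for c in password),
        "special character": any(c in SPECIALS for c in password),
    }
    findings += ["no " + name for name, present in classes.items() if not present]
    return findings


def phrase_acronym(phrase):
    """First letter of each word, applying SUBSTITUTIONS; a comma becomes '!'."""
    out = []
    for word in phrase.split():
        bare = word.rstrip(",")
        out.append(SUBSTITUTIONS.get(bare.lower(), bare[:1]))
        if word.endswith(","):
            out.append("!")
    return "".join(out)


if __name__ == "__main__":
    phrase = "Yeah, Testing for my star riding license"  # phrase from the article
    candidates = [
        phrase_acronym(phrase),           # acronym form of the phrase
        "Yeah!Testing4My*RidingLicense",  # full-phrase form from the article
        "password",                       # constructed weak sample
    ]
    for pw in candidates:
        print(pw, "->", check_password(pw) or "meets the guidelines")
```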

TCDI | Computer Forensics | Cybersecurity | Litigation Technology