Passwords are a means of controlling access to Information Resources. Unauthorised access can compromise information confidentiality, integrity and availability resulting in loss of revenue, liability, loss of trust or embarrassment to an organisation.
Passwords must:
- Be changed when prompted
- Be changed immediately if the security of the password is in doubt
- Be treated as confidential information
- Have a minimum length of 8 characters
- Be comprised of a combination of alpha, numeric or special characters
- Not be shared, donated or transmitted
A strong password is constructed so that another user or a “hacker” program cannot easily guess it. It is typically a minimum number of positions in length and contains a combination of alphabetic, numeric, or special characters. Combine short, unrelated words with numbers, special characters, or mixed case. For example: eAt42peNs (remembered as “Eat for two pence”)
Constructing a Strong Password
A strong password is needed for a number of reasons. In short, people wishing to crack your password will use a piece of hardware called a war-dialler, which contains a batch of software. This software contains every dictionary and thesaurus written in most languages. The war-dialler then attempts to break your password by checking it against all the words it holds within the software.
It is therefore in your own best interest, both at home and at work, to construct a strong password. This makes it less likely that the software will be able to break your password.
Strong Password Guidelines
Passwords should not be easily related to such personal information as:
- your username or logon ID
- your employee number
- your given name
- names of family, friends, pets, co-workers, fantasy characters, etc.
- your nickname
- your social security or driver’s license number
- your birthday
- your car registration
- your address or street name
- your phone number
- the name of your town or city
- the name or abbreviation of your company or department
- computer terms and names, commands, sites, companies, hardware, software, etc.
- common industry terms or acronyms
- word or number patterns such as aaabbb, zyxwvut, 123321, etc.
- makes or models of vehicles
- slang words
- obscenities
- technical terms
- school names, school mascot, or school slogans
- any information about you that is known or is easy to learn (favourite food, colour, sport, etc.)
- words that appear in a dictionary (English or foreign)
- the reverse of any of the above
- the same as other passwords selected for personal use outside of the office or passwords commonly used on public web sites.
Most importantly, do not use the same password for everything! If you do, you are putting yourself and the trust at high risk. If your password for one site, program or system is broken, then they will all be broken – that will allow the hacker access to everything!
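The guidelines above can be enforced automatically when a password is set. The following is an added example, not part of the original policy: the function names, the small word list and the user profile are constructed for illustration, and a real deployment would use a full dictionary and the user's actual account details.

```python
import re

# Constructed sample data (assumptions): a tiny word list standing in for a real
# dictionary, and hypothetical personal details for one user.
SAMPLE_WORDS = {"password", "dragon", "welcome", "monkey", "football"}
SAMPLE_PROFILE = ["jsmith", "Jane", "Smith", "Rover", "1984", "Leeds"]

def _classes(pw):
    """Count which of the alpha / numeric / special character classes are present."""
    return sum([any(c.isalpha() for c in pw),
                any(c.isdigit() for c in pw),
                any(not c.isalnum() for c in pw)])

def _has_pattern(pw):
    """Detect patterns such as aaabbb, zyxwvut, 123321."""
    low = pw.lower()
    if re.search(r"(.)\1\1", low):            # three identical characters in a row
        return True
    if len(low) >= 6 and low == low[::-1]:    # mirrored sequence (palindrome)
        return True
    for i in range(len(low) - 3):             # four consecutive ascending/descending chars
        steps = {ord(low[j + 1]) - ord(low[j]) for j in range(i, i + 3)}
        if steps in ({1}, {-1}):
            return True
    return False

def check_password(pw, profile=SAMPLE_PROFILE, words=SAMPLE_WORDS):
    """Return a list of guideline violations; an empty list means none were found."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if _classes(pw) < 2:
        problems.append("single character class")
    if _has_pattern(pw):
        problems.append("word or number pattern")
    for token in (t.lower() for t in profile if len(t) >= 3):
        if token in low or token[::-1] in low:   # forward or reversed personal detail
            problems.append("contains personal information")
            break
    core = re.sub(r"[^a-z]", "", low)            # letters only, e.g. "dragon" from "Dragon1!"
    if core in words or core[::-1] in words:     # dictionary word or its reverse
        problems.append("dictionary word")
    return problems
```
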