How do you create passwords that are secure and really capable of protecting sensitive business information? Here are the factors to consider before choosing your own access keys: fundamental elements that, if used properly, can guarantee the highest desirable level of protection.
When the primary goal is to pursue corporate IT security, it is necessary to know the details of the password encryption function.
In general terms, it is enough to know that trusted sites usually save passwords in encrypted form, encrypting them with a one-way process (hashing) that turns them into strings with no apparent logical sense. When the user logs in, the system encrypts the entered password in the same manner and compares the result with the saved value to recognize the user.
If a server is hacked, the file containing the encrypted codes can be downloaded. Using special tools, hackers can then trace the original passwords: the programs encrypt a long list of words and compare the results with the downloaded list of encrypted codes.
If the words used by the software are taken from multilingual dictionaries or other lists (names, TV programs, songs, movies, etc.), these tools can also automatically test different variations of the terms in the lists (uppercase and lowercase, plurals, numbers or symbols added before and after the words, etc.), exploiting the ability of modern PCs to test millions of combinations per second.
Complexity and password length
Since using upper case, lower case, numbers, and symbols in your passwords forces hackers to try an exponential number of combinations before reaching the correct one, anyone wishing to ensure corporate IT security should at the very least create codes that are as complex and improbable as possible.
In addition to complexity, however, the length of access keys plays a key role: the shorter the secret combination is, the sooner it is exposed by hackers. To obtain a good level of protection, you must choose passwords of at least 10 characters and add an additional character each year.
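A defender-side check built from the rules above, as an added example that is not part of the original article: it flags a candidate password that is shorter than 10 characters, lacks one of the four character types, or is just a listed word with the variations described earlier. The wordlist, the sample passwords and the function names are constructed for illustration.

```python
import re

MIN_LENGTH = 10  # the article's minimum; it advises adding one character each year

# Constructed sample list. A real check would load dictionaries, names,
# film and song titles, and known-breached passwords.
WORDLIST = {"password", "dragon", "sunshine", "monkey", "starwars"}


def dictionary_root(password, wordlist=WORDLIST):
    """Return the listed word the password is built on, or None.

    Undoes the variations the article lists: numbers or symbols added
    before and after the word, upper/lower case changes, and plurals.
    """
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password).lower()
    candidates = [core]
    if core.endswith("es"):
        candidates.append(core[:-2])
    if core.endswith("s"):
        candidates.append(core[:-1])
    return next((c for c in candidates if c in wordlist), None)


def check_password(password, wordlist=WORDLIST, min_length=MIN_LENGTH):
    """Return the reasons a password is weak; an empty list means it passed."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    present = {
        "upper case letter": any(c.isupper() for c in password),
        "lower case letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }
    problems += [f"no {name}" for name, ok in present.items() if not ok]
    root = dictionary_root(password, wordlist)
    if root:
        problems.append(f"built on the listed word '{root}'")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("sunshine", "Dragons2024!", "vT7#qLm2!xRb"):
        print(pw, "->", check_password(pw) or "ok")
```

Note that "Dragons2024!" passes the length and character-type rules and is flagged only because of the word it is built on.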
Another good way to generate a strong password is to take the first letters of a meaningful phrase and add the initials of the site where the code will be used for logging in, plus any extra symbols. For example, from the phrase "It's getting darker before dawn," Iigdbd will be extrapolated. These letters can then be linked to "eb" (if the site to access is Ebay) and ##. Result: Iigdbdeb##.
If possible, always remember to choose passwords that are easy to type on all your devices (computers, smartphones, and tablets).
Since we are explaining how to create secure passwords, in addition to what has been said above (creating codes of a certain length and mixing letters, numbers, and symbols), it is also advisable to use different access keys for each service (email, home banking, website accounts, etc.).
Of course, banking portals and other similar platforms provide a good level of security, but if the passwords used within such systems are also used elsewhere, they are absolutely vulnerable.
Now that I've provided some useful tips to create safe enough codes, I'll spend a few more words to explain how to handle your passwords over time:
These are my tips to ensure corporate IT security: simple but effective tips to put in place every day to protect sensitive business data.
Cybersecurity Expert, Chief Information Security Officer (CISO), and Certified Information Systems Auditor (CISA)
Copyright 2013. John Giordani. All Rights Reserved.