Secure Password

Passwords are the first line of defense in preventing unauthorized access to resources and confidential data. Choosing a password that is complex and cryptic is to prevent others from being able to guess or cracking them using password crack programs.

There are misconceptions that password complexity needs to be a mixture of alphanumeric characters with case sensitivity and special characters. But given the rapid development of today’s computing power, the randomness of a password is called its entropy. Simply, a password such as “password” or “12345678” has almost no entropy; a password such as “vB%TP” has a higher-than-average entropy. The password entropy model you rely on will have a significant impact on the overall success of your password policy defense.

According to the new NIST (National Institute for Standards and Technology, USA) guidelines for password policies, a ‘secure password’ is not what the norm is right now.

• User friendly password
  Complex password doesn’t necessarily mean a combination of characters that doesn’t make sense to the user.
• Size Matters
  NIST’s new guidelines say you need a minimum of 8 characters. and a maximum length of at least 64.
• No dictionary words
  You should not use common words like ‘Lakers’, ‘hello’, ‘password’.
• No password hints
  Password hints are more useful to attackers than the users themselves.

Further tips,

• Do not share your passwords with anyone else.
• Use of password managers are highly encouraged, as it will provide you a convenient way to store your passwords as well as provide you feedback.
• Don’t let your applications or browser store passwords that provide access to restricted systems or confidential data.
• Use different passwords for accounts that provide access to restricted data than for your less-sensitive personal accounts.