We have just come out with a Security Awareness Training for consumers. This is from that course (available on Home Shopping Network). (Rule #5 answers your question.)
Here are Kevin Mitnick's 10 Rules for Stronger Passwords:

1. Don't tell your passwords to anyone! Nobody should ask for your passwords, and you should never give your passwords to anyone. Normally, tech support does not need your password to get into your account, so there's no reason for a legitimate tech support person to ever ask for your password.
2. Don't use simple dictionary words, pets' names, or people's names for passwords. Avoid easy-to-guess numbers, such as your age, zip code, birthday, or anniversary.
3. Use passwords that are at least 20 characters long. And do not write them down where they can be easily found.
4. Create a "pass phrase" instead of just one word (for example, $3 for the pirate hat). Or think up a few nonsense words that you can remember easily (for example, Betty was smoking tires and playing tuna fish).
5. Use a different password for each website. Do not use simple patterns like "password1", "password2", "password3" or "amazon4me", "netflix4me", "yahoo4me" for different sites; those are too easy to guess.
6. Change your passwords for sensitive web sites (such as your online banking) every 60-90 days. Do not use easy-to-guess patterns when you change them.
7. If you think someone may have learned your password, change it immediately. Then check the websites where you use that password for any signs of misuse, starting with your online banking site.
8. Sometimes websites ask you to enter the answer for a "security question" you can use if you forget your password. Make your answer to the security question just as hard to guess as your password.
9. If your bank or webmail offers you extra security features, use them!
10. Consider using a password manager such as KeePass or Password Safe. Password managers make your Internet use a lot safer and easier.
From: David Lum [mailto:[email protected]]
Sent: Thursday, January 31, 2013 9:17 AM
To: NT System Admin Issues
Subject: Password complexity question

I have seen a few articles on password cracking and using unrelated words, so I have a question. Given the "Making complex passwords" section here:
http://www.digitaltrends.com/mobile/crack-this-how-to-pick-strong-passwords-and-keep-them-that-way/

Could you use a fairly simple method to identify what the password is for and still have it tough to crack? I'm guessing no, but have to ask.

For a twitter account: Twitter1 vodka eagles!
Then for a Facebook account: Facebook2 vodka eagles!
Ebay: Ebay3 vodka eagles!

Then follow that same pattern for the various accounts. While it seems like bad practice to include the service name as part of the password, I thought I'd ask your guys' opinion. It's at least better than using the same password for everything... or is it?

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe ntsysadmin
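The question above and Rule #5 in the reply come down to one thing: passwords that differ only by a site label share a long common core, so learning one is most of the way to learning the rest. The following Python audit, added here as an illustration and not part of the thread or of any product named in it, does what a password manager's "reused password" report does: it finds the longest common substring between each pair of vault entries and flags pairs whose shared core covers most of the shorter password. The vault contents, the `find_derived_pairs` name and the 60% threshold are all constructed for this example.

```python
"""Added example: flag vault entries that are variations of one another.

The sample vault below is constructed from the passwords quoted in the
thread plus one unrelated passphrase; nothing here is real account data.
"""

from itertools import combinations


def longest_common_substring(a: str, b: str) -> str:
    """Classic dynamic-programming longest common substring, O(len(a)*len(b))."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def shared_fraction(a: str, b: str) -> float:
    """Fraction of the shorter password covered by the core it shares with the other."""
    core = longest_common_substring(a, b)
    return len(core) / min(len(a), len(b))


def find_derived_pairs(vault: dict, threshold: float = 0.6) -> list:
    """Return (site1, site2, shared_core) for each pair of entries whose
    passwords share at least `threshold` of their length.  A flagged pair is
    treated as password reuse, exactly as Rule #5 says it should be."""
    hits = []
    for (s1, p1), (s2, p2) in combinations(vault.items(), 2):
        if shared_fraction(p1, p2) >= threshold:
            hits.append((s1, s2, longest_common_substring(p1, p2)))
    return hits


# Constructed sample vault: the scheme proposed in the question, plus one
# independent passphrase (Rule #4's example) for contrast.
SAMPLE_VAULT = {
    "twitter": "Twitter1 vodka eagles!",
    "facebook": "Facebook2 vodka eagles!",
    "ebay": "Ebay3 vodka eagles!",
    "bank": "Betty was smoking tires and playing tuna fish",
}

if __name__ == "__main__":
    for s1, s2, core in find_derived_pairs(SAMPLE_VAULT):
        print(f"{s1} / {s2}: effectively the same password, shared core {core!r}")
```

Run as-is, it reports the three site-labelled entries as pairwise reuse (they share the 14-character core " vodka eagles!", which is 64% to 74% of each password) and leaves the bank passphrase unflagged. The threshold is a policy knob: a stricter audit lowers it, a looser one raises it, but any value that catches "password1"/"password2" will also catch the scheme asked about.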
