
Adopting Good Password Management


Username and password combinations are the most common means of providing access to information. A username identifies you as a unique individual, and your password is then used to prove your identity. Passwords can be used in this way because you should be the only person who knows your password.

In reality, passwords are commonly compromised, often due to bad password management on the part of the user. Information is placed at risk of theft or misuse when passwords are compromised; therefore, good password management is required. Adopt good password management by following these simple guidelines:


Do you know what a password actually means?

Phrase
- Consider using a phrase rather than a single word
- A phrase (i.e. more than one word) usually results in a password that is longer, more complex and therefore more secure than a password formed from a single word.
- Passwords formed from phrases also help ensure your password is memorable


Accountability
- Passwords provide accountability, as they prove your identity
- If someone logs in with your username and password, you are likely to be held accountable for any actions that are performed.
- You must change your password immediately if you think it may have been compromised


Sharing
- Never share your password with anyone
- Do not even share with people you trust, such as friends, colleagues or the IT helpdesk. There are no exceptions to this rule.
- If you share your password, you will be held responsible for any loss, damage or misconduct that arises from its use

Saving
- Avoid saving your password anywhere
- If you must save it, ensure that it is never saved in clear text (i.e. without encryption)
- If you save your password in an unprotected file or email it in clear text, it can be viewed by anyone

  

Writing
- Never write down your password
- Do not post passwords or usernames near to your computer (Post-it notes are not for passwords…)
- Wherever possible, passwords should be committed to memory



Organizing
- Organize all of your many passwords
- Consider using a naming convention or logic that only you know. This will increase password memorability and save you from using the same password for everything
- You may wish to use password vault software, allowing you to encrypt and store all of your passwords in one centralized place. Good examples of such software include Password Safe (http://passwordsafe.sourceforge.net/) and KeePass (http://keepass.info/)


Reusing
- Passwords must not be reused or recycled
- Using the same password for multiple systems is highly insecure. If someone were to obtain the password, they would have access to all systems with that password
- Additionally, when changing passwords, do not use a previously used password


Deducing
- Never use a password that could be easily deduced or guessed by others
- Do not use dictionary words, names or birthdates as these can be deduced in seconds
- Instead, use a mix of uppercase, lowercase, numbers and special characters to form your password, and ensure that it is at least 8 characters in length.
- For example, Th15_is~MyP&ssword! is a lot more secure than thisismypassword.
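The "Deducing" rules above can be turned into a simple self-check. The script below is an added example, not code from the original post; it implements the stated rules (at least 8 characters, all four character classes, no dictionary words, names or birthdates) and runs them over the post's own two example passwords. The small word list and the name/birthdate inputs are constructed stand-ins for a real dictionary and a user's personal details.

```python
import re
import string

MIN_LENGTH = 8  # the minimum length stated in the guidelines

# Constructed stand-in for a dictionary-word list; a real check would load a
# full word list (assumption for this example, not part of the post).
COMMON_WORDS = {"password", "thisismypassword", "welcome", "letmein", "qwerty"}


def check_password(pw, names=(), birthdates=()):
    """Return the list of guideline violations for pw; an empty list means it passes.

    Rules follow the 'Deducing' section: at least MIN_LENGTH characters, a mix of
    uppercase, lowercase, digits and special characters, and nothing that is a
    dictionary word, a name or a birthdate (names/birthdates are caller-supplied).
    """
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)

    classes = {
        "uppercase": any(c.isupper() for c in pw),
        "lowercase": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special": any(c in string.punctuation for c in pw),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))

    lowered = pw.lower()
    # Strip non-letters so "thisismypassword" and "Password123!" are both caught;
    # also catch a longer common word embedded anywhere in the password.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only in COMMON_WORDS or any(
        w in lowered for w in COMMON_WORDS if len(w) >= 6
    ):
        problems.append("contains a dictionary word")

    personal = [x.lower() for x in list(names) + list(birthdates)]
    if any(x and x in lowered for x in personal):
        problems.append("contains a name or birthdate")
    return problems


if __name__ == "__main__":
    # The post's own pair of examples: the second should pass, the first should not.
    for candidate in ("thisismypassword", "Th15_is~MyP&ssword!"):
        print(candidate, "->", check_password(candidate) or "OK")
```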


Switching
- Switch your password to a new one on a regular basis
- If a password never changes over time, it is more likely to be compromised
- Aim to change your password at least every quarter

Comments

  1. Hi friends,

    Password management is a significant part of any solution to improve security for an organization, because weak passwords are an open opportunity for anyone with access to those systems to authenticate themselves and mount an attack on other user accounts with weak passwords. There are several forms of software used to help users or organizations better manage passwords. Thanks...
