Modern corporate life means due dilegence, adhering to legislation, and many other distractions from
core business of an organisation. Where computers are concerned, there is potential for abuse of corporate systems, infection of corporate systems with viruses, trojans and other malware, and damage to reputation through hacking and improper use of resources by employees. Every organization should have policies on use of computers. These should include:
An acceptable use policy, which describes how firm’s computers can be used An email policy, which defines how email can be used A password policy, where use of passwords is defined The last item may be unfamiliar to many, however, passwords can be weak point in an organization's security. They are often abused, decreasing their strengths. It is worth educating users and defining use of passwords with a formal policy. The users should read policy, understand it, and adhere to it. It's important that policy explains what issues are, otherwise it may be misinterpreted.
Rule 0: The password policy should be part of every employee's Terms and Conditions. So, what's wrong with passwords? Typically, passwords are badly chosen. As a result, they can be guessed easily and quickly. They are also more vulnerable to brute-force attacks, where every possible password combination is tried.
Choosing a good password is a skill, but it's an easily learned one. The first thing is to not choose a very bad password. Firstly, Passwords should not be a simple dictionary word or name - hacker tools often include basic dictionaries, and these words will be tested first. People's names, automobile models, sports teams, and many other names are all used in passwords, and they are all candidates for hackers to break quickly. When a hacker is attempting to break a password, his tools will test all of his dictionary of words and names, and also use simple substitutions such as changing letter "I" for a number 1, "O" for zero, and so on. They may also append a number to end of world.
Rule 1: Never base a password on a single word. The next step in choosing a good password is to make it long. A password should be at least eight characters, and ideally 12 or more. The longer a password, less chance of a hacker breaking it quickly. To connotate two words will create a longer word, but hacker tools will search for this, and it is better to misspell one or both of words, so a straight dictionary approach will not work. If you do choose to use this approach, DO NOT use two words that someone will associate with you - choose them at random from a newspaper, for example.
Using both upper and lower case will help too, if application supports it, some do not. If it does, then use upper and lower case at random, not just at start of password, again, this will help.
The last tool I'm going to discuss for password security is adding numbers and punctuation marks to password. Knock out occasional letter and replace it with a number or a punctuation mark. Some punctuation marks may not be allowed in some applications, it's best to check, or to avoid greater than ">", less than "<", quotation marks """, "'" and "`", and semicolon and ampersand. I encourage you to try any unusual symbols on your keyboard, for example"¬".
