
Password Information Page
Password Best Practices
Using a Secure Password is a Best Practice
As a general rule of Internet conduct, users are expected to be aware of the security policies of computers and networks which they access and to adhere to these policies. Unauthorized access to a computer or use of a network is explicitly a violation of Internet rules of conduct and the Carolina Connections Acceptable Use Policy, no matter how weak the protection of those computers or networks (see RFC 1281: Guidelines for the Secure Operation of the Internet).
According to RFC 1281, individual users have a responsibility to use security mechanisms and procedures available to them on their network to protect their data. Users are responsible for assisting in the protection of the systems they use. For systems which rely upon password protection, users should select good passwords and periodically change them. Password guessing and dictionary attacks are common ways of forcing unauthorized entry to networks, and even the best passwords can eventually be defeated mathematically, given enough time. The use of strong passwords acts as a firm deterrent against password guessing attacks, and buys additional time against dictionary attacks.
These guidelines cover the selection of good passwords and best practices in handling them.
DO
- Use a password with mixed-case letters. Do not just capitalise the first letter; add uppercase letters elsewhere in the password.
- Use a password that contains alphanumeric characters and includes punctuation, where supported by the operating system.
- Use a password that can be typed quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by looking at your keyboard (also known as "shoulder surfing").
- Change passwords regularly. The more critical an account is to network integrity (such as root on a Unix host or Administrator on Windows NT), the more frequently the password should be changed. This change stops someone who has already compromised an account from continued access.
DO NOT
- Use a network login ID in any form (reversed, capitalised, doubled) as a password.
- Use your first, middle or last name in any form. Do not use your initials or any nicknames you may have.
- Use a word contained in English or foreign dictionaries, spelling lists, or other word lists.
- Use other information easily obtained about you. This includes pet names, license plate numbers, telephone numbers, identification numbers, the brand of your automobile, the name of the street you live on, and so on. Such passwords are very easily guessed by someone who knows the user.
- Use a password of all numbers, or a password composed only of alphabetic characters. Mix numbers and letters.
- Write a password on sticky notes, desk blotters, calendars, or store it online where it can be accessed by others.
- Reveal a password to anyone.
- Use shared accounts. Accountability for group access is extremely difficult.
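The selection rules in the two lists above can be checked mechanically at the moment a password is set. The following Python check is an added example, not part of the original page; the function names, the small word list and the inputs are constructed for illustration. Rules about handling (typing speed, rotation, writing passwords down, sharing) cannot be tested from the password itself and are not covered.

```python
import string

# Constructed sample word list; a real check would load full dictionary files.
SAMPLE_WORDS = {"password", "dragon", "carolina", "sunshine", "welcome"}


def forms(token):
    """Plain, reversed and doubled forms of a token, lowercased."""
    t = token.lower()
    return {t, t[::-1], t + t}


def check_password(password, login_id, names=(), personal=(), words=SAMPLE_WORDS):
    """Return the list of guidelines the password breaks (empty list = none)."""
    problems = []
    # Letters only, lowercased: catches capitalised forms and, as an added
    # strictness not stated on the page, forms padded with digits or punctuation.
    core = "".join(c for c in password.lower() if c.isalpha())
    alnum = "".join(c for c in password.lower() if c.isalnum())

    if core and core in forms(login_id):
        problems.append("login ID in some form")
    initials = "".join(n[0] for n in names if n).lower()
    if any(core in forms(n) for n in names if n) or (initials and core == initials):
        problems.append("name or initials")
    if core in words:
        problems.append("dictionary word")
    for item in personal:  # e.g. pet names, plate numbers, phone numbers
        key = "".join(c for c in item.lower() if c.isalnum())
        if key and key in alnum:
            problems.append("personal information")
            break
    if password.isdigit():
        problems.append("all numbers")
    elif password.isalpha():
        problems.append("letters only")
    # Mixed case must go beyond capitalising the first letter.
    has_inner_upper = any(c.isupper() for c in password[1:])
    if not (has_inner_upper and any(c.islower() for c in password)):
        problems.append("no uppercase beyond the first letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    return problems
```

An empty list only means none of these rules fired; it is not a measure of how long the password would resist guessing.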
For more information on password best practices or other Internet security issues, contact our office.
__________________________________________________________________
Acceptable Use Policy
For more information, send email to webmaster@cconnect.net,
fax us at (252) 633-1933 or call (252) 637-8113.
© 2007 Larry Crow.