Closing the Gate Before the Horse Bolts – On Passwords for the Cloud

Monday, December 12, 2011

Ben Kepes


The advent of the Internet (actually the advent of software used by the general populace) has created an entirely new bunch of folks with ulcers caused by the worries around password management.

Passwords, it seems, are both the bane of our existence and, apparently, the most important thing in our lives.

Unfortunately the Cloud doesn’t really change this. Good password protocols are as important in the Cloud as they were in an on-premise world, and potentially even more so.

In the Cloud security report we wrote for CloudU, we spent a bunch of time talking about what Cloud users can and should do to ensure they keep themselves safe, at least when it comes to passwords.

It’s always worthwhile reminding people of stuff that, frankly, they should know about anyway – sometimes it’s the most obvious things….

So to that end, here’s our checklist for good approaches to passwords in the Cloud:

  • Complexity – the more, the better. Combinations of letters, numbers, cases and special characters win the day here (and please don’t use “password” as your password!)
  • Expiration – A fancy way of saying that you shouldn’t use the password you used for your first email address in high school when you’re 45. Passwords should be refreshed regularly (kind of like your underwear)
  • Differentiation – The Lord of the Rings was all about One Ring to Rule Them All. Passwords aren’t like this, so please don’t use the same password on the 53 gazillion social sites you’re a member of
  • Minimum requirements – A system that would allow me to choose the password “1” is just plain dumb. Administrators need to introduce minimum password requirements into their policies
  • History – There’s nothing worse than users who have a revolving door policy to passwords, alternating between the same two passwords every time a change is required. Keep ‘em fresh is the best approach
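For administrators, here is one way the complexity, minimum-requirements and history items could be enforced at password-change time. This is an added example, not code from CloudU or the original post; the length of 12, the history depth of 5, the small denylist and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12      # assumed minimum; the checklist gives no number
HISTORY_DEPTH = 5    # assumed number of previous passwords remembered
DENYLIST = {"password", "123456", "qwerty", "letmein"}  # constructed sample

TOO_SHORT = "shorter than the minimum length"
TOO_SIMPLE = "needs lower case, upper case, a number and a special character"
TOO_COMMON = "is a commonly used password"
REUSED = "matches a recently used password"


def _digest(password: str, salt: bytes) -> bytes:
    # History is kept as salted, slow hashes, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def remember(history: list, password: str) -> None:
    """Record an accepted password, keeping only the newest HISTORY_DEPTH."""
    salt = os.urandom(16)
    history.append((salt, _digest(password, salt)))
    del history[:-HISTORY_DEPTH]


def check_password(candidate: str, history: list) -> list:
    """Return the list of policy problems; an empty list means acceptable."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(TOO_SHORT)
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if not all(any(ch in cls for ch in candidate) for cls in classes):
        problems.append(TOO_SIMPLE)
    if candidate.lower() in DENYLIST:
        problems.append(TOO_COMMON)
    # Each stored entry has its own salt, so the candidate is re-hashed per entry.
    for salt, stored in history:
        if hmac.compare_digest(_digest(candidate, salt), stored):
            problems.append(REUSED)
            break
    return problems
```

Expiration is a scheduling concern and differentiation depends on the user, so neither is covered by this check.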

Follow our guidelines and your cloudy (and non-cloudy) life will be a whole lot safer.

This series of posts is a set of companion pieces to the CloudU series of educational material. We’d love you to join in some of our webinars or read the whitepapers. The CloudU homepage is here, and you can register there to have updates sent to your inbox (in a non-spammy way of course!).

Cross-posted from Diversity
