Treat Passwords Like Cash

Monday, May 14, 2012

Danny Lieberman

959779642e6e758563e80b5d83150a9f

How much personal technology do you carry around when you travel?  Do you use one of those carry-on bags with your notebook computer on top of the carry-on?

A friend who is a commercial pilot had his bag swiped literally behind his back while waiting on line to check-in to a 4 star Paris hotel. The hotel security cameras show the thief moving quickly behind his back, quietly taking the bag and calmly walking off.

Is your user password 123456?

The Wharton School at UPenn recently posted an article – is your password 123456?

As the article notes – “Hack attacks have recently hit government agencies, news sites and retailers ranging from the U.S. Justice Department and Gawker to Sony and Lockheed Martin, as hackers become more sophisticated in their ability to steal customers’ identities and personal information.”

But, you don’t need sophisticated hack attacks to know that many people use simple minded passwords like 123456 and thieves use simple techniques like grab and run.

So – why don’t we all use strong passwords?

Every Web site and business application you use has a different algorithm and password policy.  For users, who need to maintain strong passwords using 25 different policies on 25 different systems and web sites, it’s impossible to maintain a strong password policy without making some compromises.

The biggest vulnerability is using your corporate password on an online pxxn site.  Since adult sites are routinely subject to attack and cheesier, more marginal adult sites – (mind you we’re not talking Penthouse.com or Playboy.com perish the thought) are frequently unwitting malware distribution platforms.

Here are 5 rules for safe password management :

  • Use technical aids to manage your passwords.  Consider using Keepass password management
  • Match password  strength to asset value. In other words – use a complex combination of letters and numbers for online banking and a simple easy to remember password for Superball news
  • Don’t reuse.   Don’ use the same strong password on more than one sites
  • Make passwords easy to remember but hard to guess.  Adopt mnemonics – like 4Tshun KukZ that you can remember
  • Maintain physical security of your passwords.  Treat your passwords like you treat the cash in your wallet.  If you have to write passwords down, put them on a piece of paper in your wallet and treat that piece of paper like a $100 bill,  make sure you don’t lose that wallet

Cross-posted from Israeli Software

Possibly Related Articles:
11427
Network Access Control
Information Security
Policy Authentication Enterprise Security Security Awareness Access Control Login Password Management online safety mnemonics
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.