
Secure Passwords...


From US-CERT Security Tip (ST04-002)

A review of tactics to use when choosing a password:

  • Don't use passwords that are based on personal information that can be easily accessed or guessed.
  • Don't use words that can be found in any dictionary of any language.
  • Develop a mnemonic for remembering complex passwords.
  • Use both lowercase and capital letters.
  • Use a combination of letters, numbers, and special characters.
  • Use passphrases when you can.
  • Use different passwords on different systems.

From Microsoft article titled Tips for creating a strong password

A strong password is one that:

  • Is at least eight characters long.
  • Does not contain your user name, real name, or company name.
  • Does not contain a complete word.
  • Is significantly different from previous passwords.
  • Contains characters from each of the following four categories:
    • Uppercase letters (A, B, C)
    • Lowercase letters (a, b, c)
    • Numbers (0, 1, 2, 3, 4, 5, 6, 7, 8, 9)
    • Symbols found on the keyboard (all keyboard characters not defined as letters or numerals) and spaces (` ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ | : ; " ' < > , . ? /)
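The criteria above can be checked mechanically. The following is an added example, not code from Microsoft or from this page: the function name, its parameters, the small constructed wordlist, and the 0.6 similarity cut-off used for "significantly different" are all assumptions.

```python
import difflib
import string

# Constructed sample wordlist (assumption); a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "summer", "letmein"}
SYMBOLS = set(string.punctuation + " ")  # keyboard symbols and spaces, as listed above


def check_password(password, identity=(), previous=(), words=SAMPLE_WORDS,
                   max_similarity=0.6):
    """Return the list of criteria the password fails; an empty list means it passes.

    identity: user name, real name, company name (hypothetical parameter).
    previous: earlier passwords to compare against (hypothetical parameter).
    max_similarity: assumed cut-off for "significantly different".
    """
    failures = []
    lowered = password.lower()

    if len(password) < 8:
        failures.append("length")

    # Each part of a name counts, so "Jane Doe" blocks both "jane" and "doe".
    tokens = [t for name in identity for t in name.lower().split() if len(t) >= 3]
    if any(t in lowered for t in tokens):
        failures.append("identity")

    if any(w in lowered for w in words):
        failures.append("word")

    for old in previous:
        if difflib.SequenceMatcher(None, lowered, old.lower()).ratio() > max_similarity:
            failures.append("similar")
            break

    categories = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in SYMBOLS for c in password),
    ]
    if not all(categories):
        failures.append("categories")

    return failures
```

A password such as "Summer2024!" satisfies the length and four-category rules but still fails because it contains a complete word, which is why the criteria have to be checked together.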

Also see this very detailed article on Wikipedia titled Password Strength


Also consider the use of a Password Manager.  "A password manager is a software application that helps a user store and organize passwords. Good password managers store passwords encrypted, requiring the user to create a master password; a single, ideally very strong password which grants the user access to their entire password database. Some password managers store passwords on the user's computer, whereas others store data in the cloud. While the core functionality of a password manager is to securely store large collections of passwords, many provide additional features such as form filling and password generation."

For several examples of good password managers, see the PCMag article titled Six Great Password Manager.


More advanced systems use additional techniques such as:

  • Touch ID - Touch ID is a fingerprint recognition feature, designed and released by Apple Inc. Touch ID allows users to unlock their Apple mobile device, make purchases in the various Apple digital media stores, and authenticate Apple Pay online or in apps. With the release of the iPhone 6 and iOS 8, the technology has been opened up to third-party developers.
  • Two Step Verification - Two-step verification is a process involving two subsequent but dependent stages to check the identity of an entity trying to access services in a computer or in a network with just one factor or secret, whilst there is no proof obtained that the bearer of the unit is identical to the owner of the unit. Google was one of the first Internet companies to introduce a two-step verification process. To access a Google service using the two-step verification process, a user has to go through the following two stages:
    1. The first step is to log in using the username and password.
    2. The second step requires a mobile phone or the Google Authenticator application.
  • Biometrics - Facial, retina/iris, voice recognition and others are all being used for authentication. You can find more here.


