Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Raising awareness quickly: A look at basic password hygiene

Steve Ragan | Oct. 17, 2013
Rapid7's tips for strengthing your first line of defence.

Bottom line: passwords are an important security measure for every aspect of your life, including work.

How can you protect yourself?
There are a number of things you can do to reduce your risk and increase the protection offered by passwords.

Make passwords long and complex. Try to make your password more than 12 characters long and use at least one lower case character, one upper case character, one number, and one special character. Shamefully, not all sites have enabled this yet, so it may not always be possible, but do it where you can. Try stringing unconnected words together and mixing up the letters, numbers and special characters to make them extra hard to guess.

Don't reuse passwords. It is very difficult to remember unique passwords across everything. You can tackle this by using a service like KeePass and LastPass, which securely stores your passwords. All you need to remember is the password for your KeePass account! If you do reuse passwords across sites, be vigilant for any suspicious activity and at the first sign of trouble, change the password on any other sites where it was used.

Regularly change your password. Passwords should be changed every 8-12 weeks. Yes it's a hassle, but if an attacker has gained access without you knowing, it stops them from being able to keep coming back over and over again.

Two-factor authentication. Where possible, favor services that offer two-factor authentication and enable it. The way this typically works is that it combines something you know (your password) with something you have (e.g. a generated code sent to your phone) to provide a double layer of protection.

Never use a default password. Many devices and applications come with default passwords set up. You need to change these as soon as possible during your set up process. Using a default password is the same as using no password at all.


Previous Page  1  2 

Sign up for MIS Asia eNewsletters.