Go into any office and look under the computer keyboards and you'll eventually find a little piece of paper with that user's logon ID and passwords. Probably every password that person has.

This illustrates a serious problem with the use of networked computers in business. User apathy and IT security arrogance often combine to defeat the purpose of established security policies.

What happens is that IT security policies clash with usability. Most customers will not follow policies they see as too difficult. One place IT policies and user compliance clash is at the point of entry for any secure computer system: the logon screen.

First, let's agree on a definition for a strong password. From Webopedia: A password that is difficult to detect by both humans and computer programs, effectively protecting data from unauthorized access. A strong password consists of at least six characters (and the more characters, the stronger the password) that are a combination of letters, numbers and symbols (@, #, $, %, etc.) if allowed. Passwords are typically case-sensitive, so a strong password contains letters in both uppercase and lowercase. Strong passwords also do not contain words that can be found in a dictionary or parts of the user's own name.

Customers will not use difficult passwords. Sorry, they just won't! For instance, you have two passwords: 1Xc%&27m3 and parrott5. Which is the stronger? Which do you think your customers will use?

The key here is education. End-users must be educated on the seriousness of computer security and IT security professionals need to be aware of the needs of their user base.

You should avoid sequential passwords: parrott1, parrott2, parrott3... You should use a password that is easy to remember, but not in any dictionary. Maybe combine parts of two words, adding capital letters and numbers.

IT security professionals may not like this compromise, but it is better than passwords that are easily broken.

Strong passwords are critical to the security of any computer system, but are they the best way to control access? In part two, we'll look at alternatives to passwords.
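
The rules quoted above, plus the advice against sequential passwords, can be checked mechanically when a user picks a new password. The following is an added example, not code from the original article. The function name, the tiny word list, and the `require_symbol` switch (for systems where symbols are not allowed) are assumptions made for illustration.

```python
import re

# Constructed stand-in for a real dictionary; a deployment would load a full word list.
SAMPLE_DICTIONARY = {"parrot", "password", "dragon", "monkey", "letmein"}

def _stem(password):
    """Lowercase the password and drop trailing digits: parrott5 -> parrott."""
    return re.sub(r"\d+$", "", password.lower())

def policy_failures(password, user_name="", previous=(),
                    dictionary=SAMPLE_DICTIONARY, require_symbol=True):
    """Return the list of rules from the article that this password breaks.

    `previous` is assumed to hold earlier passwords known at change time,
    for example the old password the user has just typed in.
    """
    failures = []
    lowered = password.lower()
    if len(password) < 6:
        failures.append("shorter than six characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        failures.append("needs both uppercase and lowercase letters")
    if not re.search(r"\d", password):
        failures.append("needs a number")
    if require_symbol and not re.search(r"[^A-Za-z0-9]", password):
        failures.append("needs a symbol")
    if any(word in lowered for word in dictionary):
        failures.append("contains a dictionary word")
    # "Parts of the user's own name": any name token of three or more characters.
    name_parts = [p for p in re.split(r"\W+", user_name.lower()) if len(p) >= 3]
    if any(part in lowered for part in name_parts):
        failures.append("contains part of the user's name")
    # parrott1, parrott2, parrott3...: same stem, only the trailing number moves.
    stem = _stem(password)
    if stem and any(_stem(old) == stem for old in previous):
        failures.append("sequential variant of an earlier password")
    return failures

if __name__ == "__main__":
    # The article's two passwords, then a constructed "parts of two words" password.
    print(policy_failures("1Xc%&27m3"))
    print(policy_failures("parrott5", previous=["parrott4"]))
    print(policy_failures("TabLam73", require_symbol=False))
```

Returning every broken rule at once, rather than stopping at the first, lets the logon screen tell the user exactly what to change.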