Sunday, September 19, 2004

Using Passwords

After attending the Windows Password session by Jesper Johansson at TechEd, I now have a better idea of how to choose and use a password.

  • Use a passphrase instead of a password.

    • E.g.: instead of 'password', you can use 'This is a good password'.

    • A passphrase is easier to remember and type than a password because it is a natural statement.

    • Passwords usually require a combination of upper case, lower case, symbols and numbers. Squeezing all of that into a short word makes it hard to remember.

    • A passphrase has more characters, which makes a brute force attack much more difficult, if not impossible.

  • Never ever write down your password anywhere. I guess this has always been the old teaching, but people still do it.

  • Always secure your workstation. If the attacker can get physical access to your workstation, he doesn't need your password at all.

  • Simply replacing some characters with another set of characters does not give you much extra security.

    • E.g.: replacing 'a' with '@' and 's' with '$'.

    • If you can think of this idea, obviously the attacker can too.

  • Don't choose a password based simply on what you see around you. An attacker can think this way too when he needs to guess your password. E.g.: when the attacker sits in front of your workstation and sees your family photo there, he will probably try your wife's or kid's name as your password.

  • When you type your password, make sure nobody is around you, to avoid shoulder surfing.

  • Try as much as you can not to reuse a password across the multiple accounts that you have.
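To put some numbers behind two of the points above (a passphrase has more characters, and swapping 'a' for '@' adds little), here is a small Python calculation. It is an added illustration, not something from the original post or from the TechEd session. The 20,000-word dictionary size, the symbol alphabet of 33 printable ASCII characters and the substitution table are assumptions made for the sake of the estimate; they are the kind of figures a guessing tool's author would also pick, so the comparison is what matters, not the exact bits.

```python
import math

# Assumed alphabet sizes for the per-character brute force model.
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 33  # 33 = printable ASCII symbols incl. space

# Assumed leet-style substitution table (the kind of swap the post warns about).
LEET = {"a": "@", "s": "$", "e": "3", "o": "0", "i": "1"}


def search_space_bits(alphabet_size: int, length: int) -> float:
    """Bits of work to try every string of `length` symbols from an alphabet."""
    return length * math.log2(alphabet_size)


def password_bits(secret: str) -> float:
    """Brute force estimate for a single 'complex' password: the alphabet is the
    union of the character classes it actually uses, raised to its length."""
    classes = [
        (any(c.islower() for c in secret), LOWER),
        (any(c.isupper() for c in secret), UPPER),
        (any(c.isdigit() for c in secret), DIGITS),
        (any(not c.isalnum() for c in secret), SYMBOLS),
    ]
    alphabet = sum(size for used, size in classes if used)
    return search_space_bits(alphabet, len(secret))


def passphrase_bits(phrase: str, dictionary_size: int = 20000) -> float:
    """Conservative estimate for a passphrase: assume the attacker already knows it
    is made of common words and guesses word by word from a dictionary of
    `dictionary_size` entries (an assumed size), so the length in words is what counts."""
    words = phrase.split()
    return search_space_bits(dictionary_size, len(words))


def substitution_bits_added(secret: str, table: dict = LEET) -> float:
    """Extra work a guessing tool takes on when it tries each substitutable letter
    both plain and swapped: one doubling per such letter, i.e. at most one bit each.
    This is the honest upper bound on what 'a' -> '@' style tricks buy you."""
    substitutable = sum(1 for c in secret.lower() if c in table)
    return float(substitutable)


def compare(password: str, phrase: str) -> dict:
    """Summarise the three estimates so the gap is visible at a glance."""
    return {
        "password_bits": round(password_bits(password), 1),
        "password_with_leet_bits": round(
            password_bits(password) + substitution_bits_added(password), 1
        ),
        "passphrase_bits_dictionary": round(passphrase_bits(phrase), 1),
        "passphrase_bits_per_char": round(password_bits(phrase), 1),
    }


if __name__ == "__main__":
    # Constructed sample values: the post's own example phrase versus a
    # short leet-style password.
    for name, value in compare("P@ssw0rd", "This is a good password").items():
        print(f"{name:28s} {value:6.1f}")
```

Even under the pessimistic model where the attacker knows the phrase is plain dictionary words, five common words outscore an eight-character "complex" password by roughly twenty bits, and the leet substitutions add only a handful of bits on top of the base password because the attacker's tool simply tries both forms of each letter.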

There is another blog on Windows Password. Follow this link:


