Sunday, September 19, 2004

Using Passwords


After attending the Windows Password session by Jesper Johansson at TechEd, I now have a better idea of how to choose and use a password.


  • Use a passphrase instead of a password.


    • E.g.: instead of 'password', you can use 'This is a good password'.

    • A passphrase is easier to remember and type than a password because it is a natural statement.

    • Passwords usually require a combination of upper case, lower case, symbols and numbers. Squeezing all of that into a short word makes it a tough thing to remember.

    • A passphrase has more characters, which makes a brute-force attack much more difficult, if not impossible.


  • Never, ever write down your password anywhere. I guess this has always been the old teaching, but people still do it.


  • Always secure your workstation. If an attacker can get physical access to your workstation, he doesn't need your password at all.


  • Simply replacing some characters with another set of characters does not give you much extra security.

    • E.g.: replacing 'a' with '@' and 's' with '$'.

    • If you can think of this idea, so can the attacker.


  • Don't choose a password based simply on what you see around you. An attacker can think this way too when he needs to guess your password. E.g.: when the attacker sits in front of your workstation and sees your family photo there, he will probably try your wife's or kid's name as your password.


  • When you type your password, make sure nobody is around you, to avoid shoulder surfing.


  • Try as much as you can not to reuse one password across the multiple accounts you have.


There is another blog post on Windows passwords. Follow this link:
http://blogs.msdn.com/robert_hensing/archive/2004/07/28/199610.aspx
