Software, Technology

How-to: Generate Good Passwords Part II


For those of you on the front-line dealing with user accounts and password resets in large organisations, we return to the thorny issue of passwords.

We will soon be implementing a tougher security standard for encrypting passwords within the our events database. It should occur invisibly behind the scenes and I won’t bore you with the technical stuff, but if we do have any glitches, I’m going to honestly advise this is going on and quietly iron those out. Everybody loves a bit of improved security.

Those account managers and associates able to create user accounts or reset passwords, I am asking to set something a bit more challenging and individual. Here’s why.

There is a body of several thousand identical user passwords in our database at the moment – I can spot them at the database level, even though they are encrypted, and if I crack one, I get several hundred more accounts for free. So there are two things to do:

  • Create user passwords which are longer, mixed-case, mixed character strings: “password1”  is not acceptable, for reasons below.Good strong passwords are strings such as “ThursdayMay142015” or “A11_W0rk_and_N0_P1ay” or “England5_Germany0”If you want to go nuts, there is no maximum length so you could go “Royal.Borough.of.Windsor.and.Maidenhead…”

    Just bear in mind that “EvidenceInformedPractice” (the organisation’s tagline) is too blindingly obvious, as is the person’s own name, “Thursday” and common words by themselves which might be included in a ‘dictionary’ attack.

  •  Since we’re going to tell folks what this initial password is, neither us or they need to remember it; you are also going to impress on them the need to change it to something they *can* remember when they next login. So an inconvenient initial password will encourage them to do that.Everyone has their own scheme for managing passwords, even if it is weaker than ours, and at some point we have to trust the customer to do right (even when they’re wrong).

Hopefully this will balance the need for security against the number of service calls we get. We shall see. RC

Related: How-to: Generate Good Passwords

About Robin Catling

Writer; performer; project manager; sports coach; all-round eccentric.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Twitter Updates

Follow us on Twitter @EverythingExpre

Find Us on Facebook

Enter your email address to follow this blog and receive notifications of new posts by email.

Categories

Library

BBC World News

BBC World News
Opens the BBC World News page.
%d bloggers like this: