What's all the fuss about passwords?

One simple way to keep your information secure is to make sure you and your employees use strong passwords. How can I determine whether or not my password is strong? There are three factors.

The strength of a password can be determined by its: 

   Length

  Complexity

  Randomness

Password Length is the number of characters that are used in the password. The longer a password is, the more difficult it is to guess.

Password Complexity involves the characters used to form a password. A complex password uses characters from at least three of the following categories:

   English uppercase (A-Z)

   English lowercase (a-z)

   Digits (0-9)

   Nonalphanumeric characters (!@#)

   Unicode characters

Password Randomness is a password that does not make sense and so it is not easily guessed by others.

To keep your information safe it is important to have an expiration date on all passwords. This is known as maximum password age. There is a setting in Windows which your administrator can use to choose how many days there will be before your password expires. There is also a minimum password age setting which determines the amount of days that a password must be used for before a user can change it. There is also a setting that determines the number of unique passwords that you have to use before you can re-use a password. This is known as password history. Password history stops users from repeatedly using the same password. This will help to keep your companies information safe.

It is important to constantly remind your employees of this to make sure to keep your company’s data safe.

Account lockout is the amount of incorrect logon attempts allowed before the system locks an account. Using this will allow you to stop people from being able to access your information if they cannot get your password after a limited amount of tries.

Microsoft provides three separate settings with respect to account lockout:

  Account lockout duration

  Account lockout threshold

  Reset account lockout counter after

Account lockout duration is the amount of time you will be locked out of your account for as a result of too many incorrect password attempts. This should be set by your company’s administrator.

Account lockout threshold determines the amount of failed logon attempts set that will cause you to be locked out of your account. This issue can only be resolved by the administrator of your company resetting the account or the time specified by the account lockout duration expiring.

Reset account lockout counter after determines how many minutes there must be before the amount of bad logon attempts resets. This only has meaning when the account lockout threshold is specified.

Using the same password for multiple accounts

It is NOT a good idea to use the same password for different accounts. If you did a hacker would be able to log in to your businesses documents, your social media page and much worse. They could do all of this just by finding out your computer logon password. That is why each of your passwords should be different.

Password Strength

To give you an example of a way to make a password difficult to guess but easy to memorise here is a comic on password strength made by https://xkcd.com/936/

Password Manager

A problem that many people have is that they forget their passwords. In order to remember your passwords it would be a good idea to use a password manager tool. Password manager is a software app that allows the user to store all of their passwords. This app will encrypt them and once you enter your password for the app it will give you access to all of your passwords.

I have a table below to show the prices, compatibility and features of different Password Manager Applications. Different Applications are suitable for different computers. This table should help you to decide which Password Manager App you want to use.

The one that I would recommend is RoboForm Everywhere because it is fairly priced, works with most operating systems, most devices and browsers and if anything goes wrong it is easy to get in contact with them.