Difference between revisions of "Password"

From Clinfowiki
Revision as of 15:44, 6 October 2011

We have had discussions at our organization about eliminating requirements to change passwords every x days, and to having different PW's for each application, in exchange for requiring one complex password. Likely more secure? Any literature on breaches with this system vs the usual? Likely cost savings in PW resets by IS department?

Research firm RSA surveyed 1,700 enterprise end users in the US and found that more than 1/4 of respondents manage more than 13 passwords at work [1]. This leads to much frustration for both end users and the IT managers who must help them resolve password-related problems, which 40% of respondents said took at least 6 minutes each to resolve. This frustration causes over 50% of users to write down passwords on paper or save them locally in a spreadsheet or document (often in plain text, i.e., with no encryption) on their PC or handheld device.

Here are some guidelines for determining password strength. Password formatting guidelines require that every password must:

  • Be at least eight alphanumeric characters in length
  • Contain at least one upper case letter
  • Contain at least one lower case letter
  • Contain at least one number
  • Contain at least one special character
  • Not contain consecutive characters (abc or cba)
  • Not contain repeating characters (aa, bb, etc.)
  • Not contain the same character more than twice
  • Not be repeated within the last 10 used
  • Not be changed more than once in a 24-hour period
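
The rules above can be enforced mechanically when a user sets a new password. The following is an added example, not part of the original wiki page: the function name, rule labels, and the storage of password history as salted PBKDF2 digests are assumptions, and "eight alphanumeric characters" is read as a minimum total length of eight.

```python
import hashlib
import hmac
import string
from collections import Counter
from datetime import datetime, timedelta

ITERATIONS = 100_000  # assumed PBKDF2 work factor for stored history digests

def digest(password, salt):
    """Salted digest, so the history never holds plaintext (assumed storage)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def policy_violations(password, history=(), last_changed=None, now=None):
    """Return names of the rules a candidate password breaks, in list order.

    history: (salt, digest) pairs, oldest first; last_changed: datetime or None.
    """
    checks = [
        ("length", len(password) >= 8),
        ("upper", any(c.isupper() for c in password)),
        ("lower", any(c.islower() for c in password)),
        ("digit", any(c.isdigit() for c in password)),
        ("special", any(c in string.punctuation for c in password)),
    ]
    found = [name for name, ok in checks if not ok]
    low = password.lower()
    # Runs of three neighbours, ascending or descending: abc, cba, 123, 321.
    for a, b, c in zip(low, low[1:], low[2:]):
        step = ord(b) - ord(a)
        if (a + b + c).isalnum() and step in (1, -1) and ord(c) - ord(b) == step:
            found.append("consecutive")
            break
    if any(a == b for a, b in zip(password, password[1:])):
        found.append("repeat")            # aa, bb, ...
    if password and max(Counter(password).values()) > 2:
        found.append("overused")          # same character more than twice
    # Only the 10 most recent passwords count toward the reuse rule.
    if any(hmac.compare_digest(digest(password, s), d) for s, d in history[-10:]):
        found.append("reused")
    now = now or datetime.now()
    if last_changed is not None and now - last_changed < timedelta(hours=24):
        found.append("changed_recently")
    return found

# Constructed sample values, not taken from the page.
SALT = b"constructed-salt"
print(policy_violations("Abc11111"))
print(policy_violations("Tr7!kQ9#mZ"))
```

An empty list means the candidate satisfies every rule; otherwise each entry names one broken rule, in the same order as the list above.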

Password strength is a measurement of the effectiveness of a password as an authentication credential.

A password is the key used to access personal information stored on your computer, online accounts, or other electronic devices. To prevent the exposure of confidential information, a strong password can be created to keep personal and sensitive accounts well protected. Usually, a strong password is a lengthy random string of characters. Each character added increases the protection. Currently, 8 or more characters in length are the standard; 14 characters or longer is ideal.

In some instances it is possible to use the space bar, which makes it possible to create phrases made of many words (called a passphrase). This in turn offers a much easier way to remember long and difficult passwords. Another characteristic of a strong password is the combination of letters, numbers, and symbols. The greater the variety of characters, the harder the password is to guess. Complexity can be added by mixing uppercase and lowercase letters and numbers. It is valuable to use some letter swapping or misspellings as well.

It is beneficial to use special characters (!, @, #, etc.) to add even more strength to one's password.


References

[1] Biometrics curing password headaches, 28 September 2005.