Thursday, 10 April 2014
Every day, the Thexyz support team deals with multiple requests from users who have forgotten their password. When we look back at our logs, we can see that password-related issues are the most common type of problem our users deal with. These support requests can be prevented by adopting a password policy. Whether you are a company or a single user, you are going to need a system in place to ensure you remember your password. An IT network can be as secure as can be, but it can be weakened tremendously by a weak password.
A strong password is a minimum of 8 characters in length and includes uppercase and lowercase letters, numbers and special characters.
With recent password breaches at Apple, Yahoo, LinkedIn and Last.fm, we can see that most people use really simple passwords, and reuse the same password.
Most popular passwords
Top base words
- It takes 10 minutes to crack a lowercase 6-character password
- Adding 2 uppercase letters extends the time needed to crack the password to 6 years
- If your password is 10 characters, with 4 uppercase, 1 number and a special
Varied password restrictions
There are no universal criteria for creating a password; websites impose restrictions like:
- Maximum 8 characters
- Maximum 16 characters
- Maximum 64 characters
- No symbols or special characters
- No “.” allowed
- No “#,$,%” allowed
- Cannot start with a number
So now that we know what not to use, we can get started creating a secure password.
How To Create A Secure Password
Tips to keep in mind...
- Change your passwords periodically
- Do not use the same password for multiple sites
1. Pick a base word
This is a word that will be difficult to guess; it should not be password or qwerty or anything that can identify you. Some good random ideas could be:
2. Vary your base word
Select your base word and make different variations to vary your password for different sites. For the purpose of this tutorial I have chosen the word “school” as my base word.
school can be varied to become the following
3. Add additional words
Create another word or series of words to make your password unique for different sites.
Using my “school” base word, I am going to make different passwords for different sites, without making it easy for a hacker to guess any other password if they know one.
- Email password: sCH00lbooks
- Facebook password: scho0Lmates
- Twitter password: scho0Lbird
- Youtube password: scho0Lwatch
- Bank password: $ch00Lnumblock
- A low security version: Schooldays
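An added example (not part of the original post): a small Python checker that tests the sample passwords above against the strong-password definition given at the top of the post and against the kinds of site restrictions listed earlier. The `SitePolicy` fields, the sample policies and the use of `string.punctuation` as the set of special characters are assumptions made for the illustration.

```python
import string
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SitePolicy:
    """One site's restrictions (hypothetical model of the list in the post)."""
    max_length: Optional[int] = None
    forbidden_chars: str = ""
    allow_symbols: bool = True
    may_start_with_digit: bool = True

def strength_gaps(password: str) -> list[str]:
    """Return which parts of the post's strong-password definition are missing."""
    checks = {
        "shorter than 8 characters": len(password) >= 8,
        "no lowercase letter": any(c.islower() for c in password),
        "no uppercase letter": any(c.isupper() for c in password),
        "no number": any(c.isdigit() for c in password),
        # Assumption: "special character" means ASCII punctuation.
        "no special character": any(c in string.punctuation for c in password),
    }
    return [gap for gap, ok in checks.items() if not ok]

def policy_violations(password: str, policy: SitePolicy) -> list[str]:
    """Return the restrictions of one site that would reject this password."""
    problems = []
    if policy.max_length is not None and len(password) > policy.max_length:
        problems.append(f"longer than {policy.max_length} characters")
    banned = sorted(set(password) & set(policy.forbidden_chars))
    if banned:
        problems.append("contains forbidden " + "".join(banned))
    if not policy.allow_symbols and any(c in string.punctuation for c in password):
        problems.append("symbols not allowed")
    if not policy.may_start_with_digit and password[:1].isdigit():
        problems.append("starts with a number")
    return problems

# Constructed policies, one per kind of restriction listed in the post.
SITES = {
    "max 8": SitePolicy(max_length=8),
    "max 16": SitePolicy(max_length=16),
    "no symbols": SitePolicy(allow_symbols=False),
    "no #,$,%": SitePolicy(forbidden_chars="#$%"),
}

if __name__ == "__main__":
    for pw in ("sCH00lbooks", "$ch00Lnumblock", "Schooldays"):
        rejected = [name for name, p in SITES.items() if policy_violations(pw, p)]
        print(pw, "| gaps:", strength_gaps(pw), "| rejected by:", rejected)
```

The bank password is the only sample that meets every part of the definition, and it is also the one rejected by the most restriction types, so check a site's rules before settling on a variation for it.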
4. Dealing with change
Some sites will periodically advise you to change your password. To keep your password practice consistent, you could adopt some of the following sequences:
- Moon phases
- Current favorite video game
- SchooldaysMars > SchooldaysVenus > SchooldaysMoon
- SchooldaysWinter > SchooldaysSummer > SchooldaysFall
- SchooldaysWaxingcresent > Schooldaysthirdquarter > Schooldayswaninggibbous
- Schooldaystetris > Schooldaysangrybirds > Schooldaysdoom
- Schooldays2011 > Schooldays2012 > Schooldays2013
- Email password: sCH00lbooksMars
- Facebook password: scho0LmatesWinter
- Twitter password: scho0LbirdWaxingcresent
- Youtube password: scho0Lwatchtetris
- Bank password: $ch00Lnumblock2011
- Email password: sCH00lbooksVenus
- Facebook password: scho0LmatesSummer
- Twitter password: scho0Lbirdthirdquarter
- Youtube password: scho0Lwatchdoom
- Bank password: $ch00Lnumblock2012
A great tip for added security
Another great tip I learnt when working at other tech companies was that when they write down a password they add 3 random characters to the beginning or end of the password. When entering the password you disregard these additional characters. If someone was to see your secret password list, this would prevent them from knowing your internal policy for writing down passwords. When writing your passwords down you could add 3 random characters to the end like so:
- Email password: sCH00lbooksVenusRfd
- Facebook password: scho0LmatesSummery4e
- Twitter password: scho0Lbirdthirdquarterr32
- Youtube password: scho0Lwatchdoom0po
- Bank password: $ch00Lnumblock2012032
Password requirements for Thexyz Webmail users and Microsoft Exchange users.
If you have any other password tips for a secure password, please leave a comment below.