Thursday, 10 April 2014

Every day the Thexyz support team deals with multiple requests from users who have forgotten their password. When we look back at our logs, password-related issues are the most common type of problem our users run into. Many of these support requests can be prevented by adopting a password policy. Whether you are a company or a single user, you need a system in place to ensure you remember your passwords. An IT network can be as secure as can be, but it can be weakened tremendously by a single weak password.

A strong password is a minimum of 8 characters in length and includes uppercase and lowercase letters, numbers and special characters.

With the recent password breaches at Apple, Yahoo and LinkedIn we can see that most people use really simple passwords, and reuse the same password across sites.

Most popular passwords

  1. 123456
  2. password
  3. welcome
  4. ninja
  5. abc123
  6. 123456789
  7. 12345678
  8. sunshine
  9. princess
  10. qwerty

Top base words

  1. password
  2. welcome
  3. qwerty
  4. monkey
  5. jesus
  6. love
  7. money
  8. freedom
  9. ninja
  10. writer

  • It takes 10 minutes to crack a lowercase 6-character password
  • Adding 2 uppercase letters extends the time to crack the password to 6 years
  • If your password is 10 characters, with 4 uppercase, 1 number and a special
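
The three bullets above can be put on a common footing by back-solving the attacker's guess rate from the first one and applying that same rate to other policies. The example below is added here and is not from the original post; the character-class sizes (26 lowercase, 26 uppercase, 10 digits, 32 symbols) are assumptions. It counts exhaustive, worst-case search of a random password only: a dictionary attack on a base word such as those in the list above never has to search the whole space.

```python
# Character-class sizes assumed for the estimates (the post itself gives no figures).
LOWER, UPPER, DIGITS, SPECIAL = 26, 26, 10, 32  # 32 = printable ASCII symbols


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters over `alphabet_size` symbols."""
    return alphabet_size ** length


def implied_guess_rate(alphabet_size: int, length: int, seconds: float) -> float:
    """Guesses per second an attacker must make to exhaust this keyspace in `seconds`."""
    return keyspace(alphabet_size, length) / seconds


def seconds_to_exhaust(alphabet_size: int, length: int, rate: float) -> float:
    """Worst-case time to try every password at `rate` guesses per second.
    Random passwords only; a wordlist attack on a dictionary base word is far faster."""
    return keyspace(alphabet_size, length) / rate


def describe(seconds: float) -> str:
    """Human-readable duration (largest unit that fits, one decimal)."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


# Back-solve the attacker's speed from the post's first bullet: 6 lowercase letters in 10 minutes.
RATE = implied_guess_rate(LOWER, 6, 10 * 60)

# (label, alphabet size, length) - the last row shows that length beats character classes:
# 14 lowercase letters give a larger space than 10 characters drawn from all four classes.
POLICIES = [
    ("6 lowercase", LOWER, 6),
    ("6 mixed case", LOWER + UPPER, 6),
    ("8 mixed case", LOWER + UPPER, 8),
    ("8 mixed case + digits", LOWER + UPPER + DIGITS, 8),
    ("10 mixed case + digits + symbols", LOWER + UPPER + DIGITS + SPECIAL, 10),
    ("14 lowercase only", LOWER, 14),
]


def exhaustion_table(rate: float = RATE) -> list:
    """(label, keyspace, worst-case seconds) for every policy at the given guess rate."""
    return [(name, keyspace(n, k), seconds_to_exhaust(n, k, rate)) for name, n, k in POLICIES]


if __name__ == "__main__":
    print(f"implied guess rate: {RATE:,.0f} guesses/second")
    for name, space, secs in exhaustion_table():
        print(f"{name:34} {space:>24,} combinations  {describe(secs)}")
```

The rate that falls out of the first bullet is roughly 515,000 guesses per second, a modest figure for offline cracking of unsalted hashes; scale `RATE` up to see how quickly the short policies collapse while the 14-character row stays out of reach.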

Varied password restrictions

There are no universal criteria for creating a password; websites impose restrictions like:
  • Maximum 8 characters
  • Maximum 16 characters
  • Maximum 64 characters
  • No symbols or special characters
  • No “.” allowed
  • No “#,$,%” allowed
  • Cannot start with a number
Length is becoming less of a restriction these days, as I learned from a thread at Stack Overflow.

So now we know what not to use, we can get started creating a secure password.

How To Create A Secure Password

Tips to keep in mind...
  • Change your passwords periodically
  • Do not use the same password for multiple sites

1. Pick a base word

This is a word that will be difficult to guess; it should not be password or qwerty or anything that can identify you. Keep in mind that any single dictionary word on its own is in every cracking wordlist, which is why the later steps extend it. Some good random ideas could be:
  • school
  • panda
  • swiss
  • tequila

2. Vary your base word

Select your base word and make different variations of it so that your password differs from site to site. For the purpose of this tutorial I have chosen the word “school” as my base word.

school can be varied to become the following:
  • school
  • Sch00l
  • $CH00l
  • sKH00l

3. Add additional words

Add another word or series of words to make your password unique for each site.

Using my “school” base word, I am going to make different passwords for different sites, so that a hacker who learns one of them cannot simply reuse it on another site. Bear in mind that anyone who sees one of these can still recognise the pattern, so the shared base word protects against automated reuse of a leaked password, not against a targeted guess.

  • Email password: sCH00lbooks
  • Facebook password: scho0Lmates
  • Twitter password: scho0Lbird
  • Youtube password: scho0Lwatch
  • Bank password: $ch00Lnumblock
  • A low security version: Schooldays

4. Dealing with change

Some sites will periodically advise you to change your password. To keep your password practice consistent, you could adopt one of the following sequences:
  • Planets
  • Seasons
  • Moon phases
  • Current favorite video game
  • Year
Passwords would change like this (using the low security version as an example):
  • SchooldaysMars > SchooldaysVenus > SchooldaysMoon
  • SchooldaysWinter > SchooldaysSummer > SchooldaysFall
  • SchooldaysWaxingcrescent > Schooldaysthirdquarter > Schooldayswaninggibbous
  • Schooldaystetris > Schooldaysangrybirds > Schooldaysdoom
  • Schooldays2011 > Schooldays2012 > Schooldays2013
If we were to apply this to our list it would look like:
  • Email password: sCH00lbooksMars
  • Facebook password: scho0LmatesWinter
  • Twitter password: scho0LbirdWaxingcrescent
  • Youtube password: scho0Lwatchtetris
  • Bank password: $ch00Lnumblock2011
After a change it could look like:
  • Email password: sCH00lbooksVenus
  • Facebook password: scho0LmatesSummer
  • Twitter password: scho0Lbirdthirdquarter
  • Youtube password: scho0Lwatchdoom
  • Bank password: $ch00Lnumblock2012
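
Steps 1 to 4 above describe one procedure, so here is a single added example (not from the original post) that implements the whole scheme: it builds the per-site passwords for any number of rotations, checks each one against the post's own definition of a strong password and against the two top-10 lists, and shows what an attacker who learns one password can recover from it. The substitution table used to undo the leet-style swaps is an assumption; real cracking rule sets are far larger.

```python
import os
import re

# Lists transcribed from the post above (the post's own top-10 lists, not live breach data).
COMMON_PASSWORDS = {
    "123456", "password", "welcome", "ninja", "abc123",
    "123456789", "12345678", "sunshine", "princess", "qwerty",
}
COMMON_BASE_WORDS = {
    "password", "welcome", "qwerty", "monkey", "jesus",
    "love", "money", "freedom", "ninja", "writer",
}

# Undo the usual letter-for-symbol swaps so "$CH00l" and "Sch00l" both map to "school".
# Assumed table; cracking tools ship hundreds of such rules.
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "$": "s", "@": "a", "!": "i"})


def normalise(password: str) -> str:
    return password.translate(UNLEET).lower()


def check_policy(password: str) -> list:
    """Problems with `password` under the post's definition of a strong password
    (at least 8 characters, upper and lower case, a digit and a special character),
    plus the post's two lists. An empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("is a top-10 common password")
    if any(base in normalise(password) for base in COMMON_BASE_WORDS):
        problems.append("contains a common base word")
    return problems


# The post's scheme: (varied base word, site word, rotation sequence) for each site.
SCHEME = {
    "Email":    ("sCH00l", "books",    ["Mars", "Venus", "Moon"]),
    "Facebook": ("scho0L", "mates",    ["Winter", "Summer", "Fall"]),
    "Twitter":  ("scho0L", "bird",     ["Waxingcrescent", "thirdquarter", "waninggibbous"]),
    "Youtube":  ("scho0L", "watch",    ["tetris", "angrybirds", "doom"]),
    "Bank":     ("$ch00L", "numblock", ["2011", "2012", "2013"]),
}


def passwords_for_rotation(scheme: dict, rotation: int) -> dict:
    """Per-site passwords after `rotation` periodic changes (0 = the initial set)."""
    return {
        site: f"{variant}{site_word}{sequence[rotation % len(sequence)]}"
        for site, (variant, site_word, sequence) in scheme.items()
    }


def shared_base(a: str, b: str, min_len: int = 5) -> str:
    """Common leading word of two passwords once the symbol swaps are undone.
    A non-empty result means that learning one password reveals the base of the other."""
    prefix = os.path.commonprefix([normalise(a), normalise(b)])
    return prefix if len(prefix) >= min_len else ""


def audit(scheme: dict, rotation: int = 0) -> dict:
    """Policy problems for every site's password at the given rotation."""
    return {site: check_policy(pw)
            for site, pw in passwords_for_rotation(scheme, rotation).items()}


if __name__ == "__main__":
    for rotation in (0, 1):
        print(f"--- after {rotation} change(s) ---")
        for site, pw in passwords_for_rotation(SCHEME, rotation).items():
            problems = check_policy(pw)
            print(f"{site:9} {pw:28} {'OK' if not problems else '; '.join(problems)}")
    leaked = passwords_for_rotation(SCHEME, 0)["Facebook"]
    bank = passwords_for_rotation(SCHEME, 0)["Bank"]
    print(f"base shared by a leaked Facebook password and the bank password: {shared_base(leaked, bank)!r}")
```

Running it shows two things worth knowing before adopting the scheme: only the bank password meets the definition of a strong password given at the top of this post (the others have no special character), and an attacker holding any one of them recovers the base word "school" from every other one with a handful of substitution rules, so the site word and sequence are the only parts that stay secret.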

A great tip for added security

Another great tip I learnt when working at other tech companies was that when they wrote down a password they added 3 random characters to the beginning or end of it. When entering the password you disregard these additional characters. If someone were to see your password list, they would not know which characters are padding unless they also knew your convention for writing passwords down. This is only a light obfuscation: the padding is always the same length in the same position, so it buys a little time against a casual reader rather than real protection for the list.
When writing your passwords down you could add 3 random characters to the end like so:
  • Email password: sCH00lbooksVenusRfd
  • Facebook password: scho0LmatesSummery4e
  • Twitter password: scho0Lbirdthirdquarterr32
  • Youtube password: scho0Lwatchdoom0po
  • Bank password: $ch00Lnumblock2012032
Password requirements for Thexyz Webmail users and Microsoft Exchange users.

If you have any other password tips for a secure password, please leave a comment below.


