NISL
Network and Internetworking Services Ltd

Password Issues

Protection of resources using a username and password combination is a very common approach.  However, the risks associated with this can be very great.  These are described below:

For passwords protecting network and internet services:

  • Any password below 8 characters in length presents a serious risk of being found out in a matter of hours by cracking.
  • Non-random passwords greater than this length also present a serious risk of being found.
  • Strong passwords are currently considered to be those of 8 or more random alphanumeric characters of mixed case.
  • The password length required for a good level of protection will increase as processing power increases.
  • Strong passwords are very difficult to remember and will get more and more difficult.
  • Re-using passwords for different purposes is dangerous so multiple passwords are needed.

The conclusion that many people are coming to is:

  • In order to get sufficient protection, passwords must be so complex and so many are needed that they cannot be remembered by most people.
  • If this is the case then they must be recorded somewhere.  For sensitive information this is preferable to using weak passwords.
  • Writing a password down in a disguised form is preferred to choosing a weak password.
  • The use of a software 'password safe' is a good alternative, providing the password safe software is from a trustworthy source.

Password Safes

Password Safes or vaults are based around files containing the usernames & passwords which have been encrypted using strong encryption techniques.

  • They allow the password to be significantly longer than the minimum safe length and made up of random patterns since they don't have to be remembered.
  • Some of them support the use of a combination of password and digital key.
  • Using a password combined with a digital key held on a USB memory stick is a good choice, providing the memory stick is kept separate from the PC when not in use.
  • Open Source password safes have the benefit that they have been peer reviewed.
  • Password safes must themselves be protected by a strong password.  The issue has been reduced to remembering just one.
  • The encrypted password file should be backed up regularly.
  • Since the impact of forgetting the strong password is great, it should be written down in a disguised form and stored in a safe place.
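
The points above about password length, processing power and random passwords held in a password safe can be put into numbers. The following is an added example, not part of the original page: the guess rates are assumed round figures rather than measurements, and the function names are illustrative.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 mixed-case alphanumerics
SECONDS_PER_YEAR = 365 * 24 * 3600

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy in a uniformly random password of this length."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(length, guesses_per_second, alphabet_size=len(ALPHABET)):
    """Time to try every candidate of this length at an assumed guess rate."""
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_YEAR

def min_length(guesses_per_second, years, alphabet_size=len(ALPHABET)):
    """Shortest random password whose full search takes at least `years`."""
    length = 1
    while years_to_exhaust(length, guesses_per_second, alphabet_size) < years:
        length += 1
    return length

def generate_password(length=20):
    """Random mixed-case alphanumeric password intended for a password safe."""
    if length < 3:
        raise ValueError("need at least 3 characters for upper, lower and digit")
    while True:
        # secrets draws from the operating system's CSPRNG, unlike random.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw the rare candidates that lack a character class.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw

if __name__ == "__main__":
    # Assumed guess rates: each step stands for more processing power.
    for rate in (1e6, 1e9, 1e12):
        print(f"{rate:.0e} guesses/s: 8 random chars exhausted in "
              f"{years_to_exhaust(8, rate):.3g} years; "
              f"{min_length(rate, 100)} chars needed to last 100 years")
    print(generate_password(20), f"({entropy_bits(20):.0f} bits)")
```

The estimate only applies to passwords chosen at random; a non-random password of the same length falls far sooner because it is guessed from word lists, not by exhaustive search.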

 

© Network & Internetworking Services Ltd. 2007