Is there a post-it note under your keyboard?

Companies love requiring their employees to have long, complex passwords. Those of us in IT do this to protect the network from users having passwords which are too easy to guess. The problem with requiring these long passwords is that they become very hard to remember very quickly.

The most common way for people to remember their passwords is to write them down. The most common place to store these passwords that have been written down is under the keyboard. I’ll bet if you walked around the company you work for at night (especially in a non-technical part of the company) and started flipping keyboards over, you’d find a bunch of people’s passwords.

While some of these people may not have access to information which is all that important, I’ll bet a few people that you’ll run across have access to some interesting stuff. (For the love of god don’t start using their passwords, that’s just asking to get fired.)

Some middle ground needs to be found between passwords which a 3 year old can guess, such as “password”, and 30 character passwords that have to be reset every day because the person can’t remember their password.

The easiest way to create a secure, yet easy to remember password is to use a passphrase instead of a password. There are a couple of different ways to do this.

  1. Use an entire phrase just without the spaces.  Make sure to use caps where needed, and stick a number or two in there so that it meets the requirements.  This will give you a nice long password that is hopefully easy to remember.  Something like “ThisIsMyR3allyL0ngPassword-No1CanFigureItOut” is perfect.  It’s very long, has numbers, upper and lower case letters, and a symbol.  And when your auditor comes by asking how long your password is, you can tell him 44 characters.
  2. The second technique is to take a song lyric or line from a poem and use the first letter of each word. Now be sure not to actually say the phrase out loud since it won’t take long for someone to figure out what you are using for your password. After you have your phrase, stick a couple of numbers in there and make some letters upper and lower case and you are done. As an example, if I were to use the title of this article as a password it could be “Itap-1nuyk”. It’s still easy for me to remember, but no one else will remember it.
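The two techniques above, run as an added example that is not part of the original post: it rebuilds the technique 2 password from the article's title and checks both sample passwords for length, character classes, and a brute-force ceiling. The function names and the policy thresholds (`MIN_LENGTH`, `MIN_CLASSES`) are assumptions made for illustration.

```python
import math
import string

# Assumed policy thresholds for illustration; the article names none.
MIN_LENGTH, MIN_CLASSES = 8, 3

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def acronym(phrase):
    """Technique 2: first letter of each word; hyphenated words keep the hyphen."""
    out = []
    for word in phrase.split():
        parts = [p for p in word.split("-") if p]
        out.append("-".join(p[0] for p in parts))
    return "".join(out)

def classes_used(password):
    """Names of the character classes the password draws from."""
    return sorted(n for n, chars in CLASSES.items()
                  if any(c in chars for c in password))

def meets_policy(password):
    """Check the assumed length and class-count thresholds."""
    return len(password) >= MIN_LENGTH and len(classes_used(password)) >= MIN_CLASSES

def brute_force_bits(password):
    """Ceiling on search space: length * log2(size of the alphabet in use).
    A phrase an attacker can guess is worth far less than this ceiling."""
    alphabet = sum(len(CLASSES[n]) for n in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

TITLE = "Is there a post-it note under your keyboard?"
PHRASE_PW = "ThisIsMyR3allyL0ngPassword-No1CanFigureItOut"  # technique 1, from the article
ACRONYM_PW = acronym(TITLE).replace("i", "1")               # technique 2: "Itap-1nuyk"

if __name__ == "__main__":
    for pw in (PHRASE_PW, ACRONYM_PW):
        print(f"{pw!r}: len={len(pw)} classes={classes_used(pw)} "
              f"policy_ok={meets_policy(pw)} ceiling={brute_force_bits(pw):.1f} bits")
```

Both samples pass the same complexity policy, but the ceiling scales with length, so the 44-character phrase has well over four times the brute-force ceiling of the 10-character acronym.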

When using these sorts of long secure passwords you protect not only your company but yourself. Everything you do at work is traceable by the company, which means that anything that someone else does when logged into the company network as you can be tracked as well. While this is good, it means that because your username and password were used to access the network, it is assumed that everything which was done was done by you, and you’ll be the one getting in trouble for whatever the other person did.

Protect yourself, protect your company.  Use a long password, but don’t write it down.

Denny


3 Comments

Alex, July 15th, 2009 at 5:50 pm

I like the complexity requirements, but I hate changing it so often. I memorize it after two-three days but for those first three days I may as well be mashing keys trying to get in (sometimes I find myself wishing for the post-it!)

I cheat though, I take the same general pattern of random letters/numbers and just replace the special characters in it. I think I’ll try some of these tips next time I need to change it though :)

philhege, July 16th, 2009 at 4:52 am

Another technique is to memorize a favorite phrase, and use the character positions to construct a password. Then you can write down the positions on a Post-it note (e.g. “554127-19-22”) and no one will be the wiser.

TheFallen, July 28th, 2009 at 9:48 pm

People will soon see cognitive biometrics supplementing passwords.
