You can have the most secure infrastructure in the world, but if someone gets your username and password, all of that security is for nothing. At Superior Managed IT, we do our best to prevent malicious breaches for all our clients’ IT infrastructure. Despite following the best IT practices for software security, monitoring for issues, and patching software, a hacker could have access to everything if they obtain your login credentials (username and password).
Once that happens, there is little you can do until we (or your IT service provider) change your user password. Even when we manage a business’s IT infrastructure, we still need its users to stay vigilant about the security of their login credentials.
Over the past 5 years, academic security experts have written extensively about the importance and usefulness of strong end-user passwords. Nonetheless, IT administrators know all too well that end-users don’t want an extremely secure random 30-character password such as r#Z2p$zv}V~LetZ^wH+q%vnMu"pzdh. Security research suggests, however, that the most important guidelines for password creation are as follows:
- Important login passwords should only be used once, never reused across accounts. The following online login credentials are most often considered important, but you may include more:
  - work login (work computer and work accounts, e.g. RDP access)
  - email login (work email, Gmail, Yahoo Mail, Hotmail)
  - banking/credit login
  - internet service provider login (e.g. Comcast, CenturyLink)
  - phone/cell phone service login (e.g. AT&T, Verizon, T-Mobile, Sprint)
- Passwords should not consist solely of a phrase taken from literature
- Passwords should not be among the top 25 most common passwords (or slight modifications thereof); see https://en.wikipedia.org/wiki/List_of_the_most_common_passwords
- Passwords should consist of 14 characters or more to reduce the chance of a successful password-cracking attempt
- Passwords should consist of a combination of uppercase letters, lowercase letters, digits and non-alphanumeric characters
- Passwords should be changed once a year
Creating a Strong Password
Our top recommendation for end-user password creation, following the above criteria, is:
- two unrelated words, written with a mixture of uppercase and lowercase letters
- at least 5 numeric characters
- at least one non-alphanumeric character
- a total composition of at least 14 characters
- all components placed in a non-predictable sequence
Examples of strong passwords:
- Green Porcupine; 83992; % = 839Green%92Porcupine
- Space Tea; 22137; & = &Space2213Tea7
- Novel Practice; 44208; # = 44Novel2#Practice08
- Blimey Tractor; 38393; * = 38Blimey3Tractor9*3
- Elephant River; 62577; ! = !Elephant62River577
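As an added example (not the post's own tooling), the following Python checks a password against the criteria above and assembles one from the recipe: two words, five digits and a symbol placed in a random order. The short common-password list is a constructed sample standing in for the full published list.

```python
import re
import secrets
import string
from typing import List

# Composition rules from the post: 14+ characters, both letter cases,
# at least 5 digits and at least one non-alphanumeric character.
MIN_LENGTH = 14
MIN_DIGITS = 5
MIN_SYMBOLS = 1

# Constructed sample of entries from the most-common-passwords list;
# a real check should load the full published list instead.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou"}


def check_password(pw: str) -> List[str]:
    """Return the rules the password fails (an empty list means it passes)."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in pw) or not any(c.islower() for c in pw):
        failures.append("needs both uppercase and lowercase letters")
    if sum(c.isdigit() for c in pw) < MIN_DIGITS:
        failures.append(f"fewer than {MIN_DIGITS} digits")
    if sum(not c.isalnum() for c in pw) < MIN_SYMBOLS:
        failures.append("no non-alphanumeric character")
    # Catch "slight modifications" of a common password (Password123!)
    # by comparing only the letters, case-folded.
    letters_only = re.sub(r"[^a-z]", "", pw.lower())
    if pw.lower() in COMMON_PASSWORDS or letters_only in COMMON_PASSWORDS:
        failures.append("based on a most-common password")
    return failures


def random_digits(count: int = MIN_DIGITS) -> str:
    """Five CSPRNG-chosen digits for the numeric block of the recipe."""
    return "".join(secrets.choice(string.digits) for _ in range(count))


def build_password(word1: str, word2: str, digits: str, symbol: str) -> str:
    """Assemble the recipe: the digit block is split at a random point and
    all pieces are shuffled so the sequence is not predictable."""
    cut = secrets.randbelow(len(digits) + 1)
    parts = [word1, word2, digits[:cut], digits[cut:], symbol]
    secrets.SystemRandom().shuffle(parts)  # CSPRNG-backed shuffle
    return "".join(parts)
```

Calling build_password("Green", "Porcupine", random_digits(), "%") yields a password in the same family as the post's examples, and check_password on it returns an empty list.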
If you follow the above criteria for password creation, keep passwords a secret between yourself and your IT organization (Superior Managed IT), set password policies that enforce a once-a-year password update, and enforce Multi-Factor Authentication, your IT infrastructure and digital persona will remain secure.