Maintaining password complexity in a company seems to be a huge task. Explaining the reasoning behind the complexity requirement is valid, but some users still don’t get it, or just don’t care: “why can’t I.T. take care of that?”. Talking about “dictionary attacks” and easily predictable combinations, while valid, still manages to frustrate users, and even though it is as much their job to protect the work environment, they still fall into the same password traps, or don’t get it, or just don’t care (the last one is the one that bites!).
We can hike the complexity rules and force the issue (and I have), but then you’ll be finding passwords stuck on monitors, inside desk drawers, under keyboards and in all sorts of other intriguing places. Here are a couple of ways to educate users to create complex passwords that can be remembered fairly easily:
1. Take a common phrase that you know and love and turn it into a password. Here’s how:
I am from Luton Bedfordshire – now take out the spaces
iamfromlutonbedfordshire – now substitute numbers and characters for some letters
1@mfr0mlut0nb3df0rdsh1r3 – now you have a complex, 24-character password. It doesn’t have to be that complex, but you can see just how easy it is to create a complex password.
2. Use a base word and some characters. The base word won’t change, but the characters or numbers will. Here’s how:
cryptogram – now substitute numbers and characters for some letters
crypt0gr@m – this is your base word. Now add characters or numbers
crypt0gr@m3116 – now substitute symbols for the numbers by typing them with the SHIFT key held down
crypt0gr@m#!!^ – see how simple it becomes? You can write down the numbers anywhere – no-one will get it – unless you write down the base word of course!
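Both recipes above are mechanical enough to script, which is useful when you want to show users what their candidate looks like against the policy rather than just telling them. The following is an added example written for this post, not the author’s own code: it reproduces both worked examples (the phrase recipe and the base-word-plus-shifted-digits recipe) and then runs the result through a typical length and character-class check. The letter substitution table and the US-keyboard SHIFT mapping are assumptions chosen to match the examples on the page.

```python
# Added example (not from the original post): the two password-construction
# recipes from the post, written as functions so the output can be checked
# against a typical complexity policy. The letter substitution table and the
# US-keyboard SHIFT mapping are assumptions chosen to reproduce the post's
# examples; the post itself does not spell them out.

import string

# Recipes 1 and 2: letters swapped for look-alike digits/symbols (assumed table).
LEET_MAP = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0"})

# Recipe 2: what the SHIFT key produces for each digit on a US keyboard.
SHIFT_MAP = str.maketrans("1234567890", "!@#$%^&*()")


def phrase_to_password(phrase: str) -> str:
    """Recipe 1: drop the spaces, then substitute characters for some letters."""
    squashed = "".join(phrase.lower().split())
    return squashed.translate(LEET_MAP)


def base_plus_shifted(base_word: str, digits: str) -> str:
    """Recipe 2: a substituted base word plus a changing digit suffix,
    with the digits typed while holding SHIFT."""
    if not digits.isdigit():
        raise ValueError("suffix must consist of digits only")
    base = base_word.lower().translate(LEET_MAP)
    return base + digits.translate(SHIFT_MAP)


def complexity_report(password: str, min_length: int = 12, min_classes: int = 3) -> dict:
    """Check a candidate against a typical policy: a minimum length and at
    least `min_classes` of the four character classes. Returns the details
    so a helpdesk script can explain *why* a candidate fails, not just that it did."""
    classes = {
        "lower": any(c in string.ascii_lowercase for c in password),
        "upper": any(c in string.ascii_uppercase for c in password),
        "digit": any(c in string.digits for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    present = sum(classes.values())
    return {
        "length": len(password),
        "classes": classes,
        "class_count": present,
        "ok": len(password) >= min_length and present >= min_classes,
    }


if __name__ == "__main__":
    # The post's own worked examples, reproduced by the functions above.
    p1 = phrase_to_password("I am from Luton Bedfordshire")   # 1@mfr0mlut0nb3df0rdsh1r3
    p2 = base_plus_shifted("cryptogram", "3116")             # crypt0gr@m#!!^
    for pw in (p1, p2):
        r = complexity_report(pw)
        print(f"{pw:28} len={r['length']:2} classes={r['class_count']} ok={r['ok']}")
    # Note: neither example contains an uppercase letter, so a policy that
    # insists on all four classes would reject both even though they are long.
```

The report deliberately returns the per-class breakdown rather than a bare pass/fail: when a user’s candidate is bounced, the thing that stops the “why can’t I.T. take care of that?” conversation is being able to say exactly which rule it missed.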
These are just two off the top of my head. I know there are others, but I can’t think of them right now. If you have other ways to do this feel free to post a comment or email them to me and I’ll add them.
The point for me is to make this simpler for the users and lessen the risk. The fact that some users don’t care or get uptight will never go away, but we can choose to help them make it easier. Short of getting extremely stringent on the password policy, we have to do what we can to make it work. Whilst it’s not right that we have to deal with the “I don’t care” attitude, it’s not going away anytime soon!