Definition: A Password is a string of letters (upper and lower case, numbers and special characters that is known by the operating system and a legitimate user of information resources. It's one of three methods of providing for authentication: a.) something you know, b.) something you are and c.) something you have. The person or device that is attempting to access an information system is challenged to provide a secret word and the user enters it. The system compares the user’s response with that which is expected for a legitimate user and access to the system is granted if there is a match. Otherwise, access is denied. The phrase or expression can contain letters (upper and lower case), words, numbers and special characters. This process is just one form of authentication.
Its Relevance: A business or individual should have a very robust plan on how to use private words to access information resources. Organizations should at least have a password policy for the purpose of authentication. An information security policy should exist on how the secret access phrases, words, numbers and special characters are to be used.
How to Create A Strong Password:
People who work with computers on a daily basis are repeatedly required to enter his or her passwords.
Individuals, for security purposes, are required to enter a secret word or phrase when they power-up their workstations. Employers, also, routinely require authentication to company workstations. Even Internet web sites ask us for our uniquely identifiable pass code before allowing access to our on-line accounts. We are presumably providing better security and protection for our confidential information when we using passwords.
Most users have the freedom to select their own password or phrase. But do you know how to create and maintain strong and robust passwords?
Computer and network security best practices require that everyone knows how to do so.The password is truly our front-line security tool to prevent unauthorized access to our information resources. Individual computer owners should know how to create strong and complex passwords. A business owner should also be aware and even consider creating a company-wide password policy and educating employees on how to follow through upon it. The alternative is to risk an unauthorized person gaining access to your valuable information resources.
A strong password, generally, should be longer in length (i.e. between 8 and 14 characters or more) rather than shorter, contain both upper and lowercase alphabetic letters as well as specialized alphanumeric characters. An example of such a password would be: SaM#XXxx5%.A passphrase may also be used and tends to be more complex than a password and usually provides even better security.
A passphrase might also be easier to remember. An example of a "passphrase" that can be easily remembered might be one that includes special characters such as: $4Lillies^Grow#Tall% in the Summer.
Regardless of a password or passphrase's strength, you should avoid writing it down or sharing them with others. Avoid using passwords or phrases that have their origin in the popular culture. You should also avoid including personal information in your password (i.e. your birth date or a pet's name).Passwords or passphrases should be changed frequently to remain viable and be unrelated to any previously used passwords. For example, avoid replacing one password such as "Jim's$PassPhrase$" with a new password that is similar such as "Jim's$NewPassPhrase$".Computer users should also avoid using common words such as "vegetables" or "fruit" as passwords.. Crackers or others who are trying to gain access to your information assets can easily use off-the-shelf programs to conduct what is known as a "dictionary attack". Modern day computers can literally test every word in the dictionary in an attempt to identify your password.Consider checking the strength or robustness of your password.
The purpose for using passwords or passphrases is to help assure the confidentially, integrity and availability of information assets. A prudent infrastructure owner and computer user may want to consider using additional techniques to improve user authentication.