Risk
6/27/2011
05:54 PM
50%
50%

Passwords: Tips For Better Security

You can make your passwords more secure if you follow a few simple rules: Don't reuse passwords, make them long and random, and don't be afraid to write them down, say security experts.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
Accordingly, the simplest and easiest way to increase password security might simply be to write passwords down, albeit preferably in a highly secure manner. "The best investment you can make is to go out and get a [digital] wallet to keep your passwords in," said Thomas Kristensen, chief security officer of Secunia, a vulnerability information provider, in an interview. "To reuse your password on different sites is just the worst thing you can do. Look at all of the compromises of websites this year--there's the risk that they'll lose your account, and once your password is out there and associated with your email address, you probably won't know it's been stolen until they've heisted something."

Another advantage of digital password wallets is that the software not only makes it easy to store passwords, but also to generate a strong, highly random password. That makes it trivial to maintain a different password for each and every website used. Accordingly, the next time hackers crack a Sony password database, even if it contains your username and password, hackers won't be able exploit that combination anywhere else.

Digital password wallets, however, do mean one more piece of software to download, install, and use. "It's a nuisance, I know," said Kristensen, who's been using an open source application called KeePass for 10 years. But he said that using digital password wallets is simply a best practice. "It's not the perfect solution, but it's much better than reusing passwords."

When it comes to password management software that stores passwords securely, there are numerous options. For example, Bruce Schneier, chief security technology officer at BT, created PasswordSafe, an easy-to-use, open source password database for Windows. Such software is also available for the Apple OS X (for example, shareware PasswordWallet, which also works for Windows). Another option, the aforementioned KeePass, runs on both of those operating systems, as well as Linux.

Furthermore, many password wallets will synchronize passwords between your computer and mobile devices, meaning you can always carry a secure, password-protected copy of your passwords and PIN codes with you. (For the record, people's PIN-picking practices are arguably even poorer than their password selection habits.)

To recap: secure passwords by creating a unique and random, long and strong password for every website that matters. Then keep these passwords secure by storing them in a digital safe. Do that, and don't fear the next LulzSec.

Small and midsize businesses are falling prey to cyberattacks that cost them sensitive data, productivity, and corporate accounts cleaned out by sophisticated banking Trojans. In this report, we explain what makes these threats so menacing, and share best practices to defend against them. Download it now. (Free registration required.)

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1978
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admi...

CVE-2015-0741
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.

CVE-2015-0742
Published: 2015-05-21
The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registrati...

CVE-2015-0746
Published: 2015-05-21
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.

CVE-2015-0915
Published: 2015-05-21
Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.