Google Offers Advice On Strong Passwords

Passwords remain the primary means of online authentication, despite their shortcomings. That's why Google wants to make sure users' passwords won't be easily defeated.

It's National Cybersecurity Awareness Month and Google would like to remind you to choose strong passwords for your online services.

Coincidentally, several thousand users of Windows Live Hotmail, along with some users of Gmail and Yahoo Mail, are in need of new passwords.

SANS Internet Storm Center handler Adrien de Beaupré is advising users of Hotmail, Gmail, and Yahoo Mail to change their passwords following the exposure of several thousand Hotmail credentials on a Web site over the weekend.

According to Microsoft, the exposure was likely the result of a phishing scam. Reports indicate that some Gmail and Yahoo Mail account information was also revealed.

Anyone who may have entered account information in a phishing site should pick a different password right away.

Google consumer operations associate Michael Santerre advises using unique passwords for every Web site. He suggests selecting a phrase and using the first letter of every word in the phrase or some variation of that as a password, ideally with special characters added in to make it more secure.

Santerre stresses that passwords should be a mixture of letters, numbers, and symbols to minimize the risk of dictionary attacks, in which cybercriminals use programs to try every word in a dictionary database as a potential password.

Using personal information as a password should be avoided because that information can often be found on social network profiles and aggregated from other online sources. Stay away from the names of pets or children, birthdays, phone numbers, addresses, or the like. They're too easy to guess.
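
The phrase technique and the checks described above can be expressed as a short password audit. This is an added Python example, not code from the article or from Google; the function names, the small wordlist, and the personal-information list are constructed for illustration.

```python
import re

# Constructed sample data: a real audit would load a large wordlist and
# fields taken from the user's own profile.
DICTIONARY = {"password", "dragon", "sunshine", "monkey", "letmein"}
PERSONAL = {"rex", "1984", "5551234"}  # pet name, birth year, phone number


def phrase_to_password(phrase, substitutions=None):
    """Take the first character of every word, then apply substitutions."""
    letters = "".join(word[0] for word in phrase.split())
    for old, new in (substitutions or {}).items():
        letters = letters.replace(old, new)
    return letters


def audit_password(password, dictionary=DICTIONARY, personal=PERSONAL):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    lowered = password.lower()
    # Mixture of letters, numbers, and symbols
    if not re.search(r"[A-Za-z]", password):
        findings.append("no letters")
    if not re.search(r"\d", password):
        findings.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        findings.append("no symbols")
    # Dictionary check: strip digits and symbols first, so a dictionary
    # word with "1!" appended is still flagged.
    core = re.sub(r"[^a-z]", "", lowered)
    if core in dictionary:
        findings.append("dictionary word")
    # Personal information that could be collected from public profiles
    if any(item in lowered for item in personal):
        findings.append("contains personal information")
    return findings


if __name__ == "__main__":
    candidate = phrase_to_password("My dog ate 2 of my shoes on Monday!", {"s": "$"})
    for pw in (candidate, "dragon1!", "Rex1984", "sunshine"):
        print(pw, audit_password(pw) or "ok")
```

Appending a digit and a symbol to a dictionary word satisfies the character-mix rule but is still flagged, which is why the dictionary check runs on the stripped form.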

And don't leave passwords on notes next to your computer, Santerre advises. It may sound obvious but it's a common issue.

Finally, Santerre suggests making sure that your password recovery information is up-to-date. After choosing a complex password, you may forget it, and you don't want the password reset e-mail going to an abandoned e-mail account or to someone who might exploit the opportunity to hijack your account.

