Do you have a secure password? As technology advances, so does the definition of what is secure. Not too long ago, a six-character password with a number or special character was considered to be pretty secure. Now that has gone up to at least eight (try signing up for a Microsoft Passport and you’ll see what I mean).
Then there are the experts who say you should change your password at least every 90 days. In the corporate world the IT department can enforce (or at least make a reasonable attempt at enforcing) tough password policies. If we tried to do that with our small business clients, we’d likely find ourselves with fewer clients. Too many hats. Too much to do. I don’t need the hassles of trying to think of another password. Besides which, such enforcement usually leads to employees writing the password down and leaving it close by, such as taped to the monitor. Or the clever ones who put it on a piece of tape on the back of their keyboards.
So what is a person to do? Recently several experts in security have begun recommending long passwords that are also easy to remember. Why not have a sentence? “My name is Brian DeLaet” would be long but is also easy for others to guess. “My nam3 is BriaN DeLaeT” is also pretty easy to remember but is pretty difficult for someone to guess. That password is 23 characters long. It combines numbers, spaces and case changes. A hacker using brute force (such as a powerful computer that can try every combination of 23 characters) would soon give up and look for someone with a shorter password. I’m no mathematician, but I know that a 23-character (or space) long password where each character can be one of over 70 different choices (numbers from 0-9, letters from a-z and A-Z, and special characters such as spaces or punctuation) makes for pretty astronomical odds.
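To put numbers on those odds, here is an added example (not part of the original post) that computes the exhaustive-search space for the lengths mentioned above, using the 70-symbol alphabet from the text. The guess rate is an assumption chosen for illustration, and the result measures brute force only; it says nothing about guessing from words or personal details, which is what makes the plain sentence easy to guess.

```python
import math

# From the page: "over 70 different choices" for each character position.
ALPHABET_SIZE = 70

# Assumption (not from the page): an offline attacker testing
# 10 billion candidate passwords per second.
GUESSES_PER_SECOND = 10_000_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(length, alphabet=ALPHABET_SIZE):
    """Count every candidate of 1..length characters, since a brute-force
    search that does not know the length has to try the shorter ones too."""
    return sum(alphabet ** n for n in range(1, length + 1))


def bits(length, alphabet=ALPHABET_SIZE):
    """Size of the search space for exactly `length` characters, in bits."""
    return length * math.log2(alphabet)


def years_to_exhaust(length, rate=GUESSES_PER_SECOND, alphabet=ALPHABET_SIZE):
    """Worst-case time to try every candidate up to `length` characters."""
    return keyspace(length, alphabet) / rate / SECONDS_PER_YEAR


def min_length_for(target_years, rate=GUESSES_PER_SECOND, alphabet=ALPHABET_SIZE):
    """Shortest length whose exhaustive search takes at least target_years."""
    length = 1
    while years_to_exhaust(length, rate, alphabet) < target_years:
        length += 1
    return length


if __name__ == "__main__":
    # 6 and 8 are the older minimums from the text; 23 is the example sentence.
    for length in (6, 8, 23):
        print(f"{length:>2} chars: {bits(length):6.1f} bits, "
              f"{years_to_exhaust(length):.3g} years to exhaust")
    print("length needed to resist 100 years:", min_length_for(100))
```

At the assumed rate, the six- and eight-character spaces are exhausted in well under a year, while each extra character multiplies the work by 70.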
So as you consider your password policy for your network, consider making the passwords very long with a few deviations from a regular sentence.