Passwords are an important aspect of computer security - they are the front line of protection for user accounts in a very wide variety of services and systems. This article provides a guide on the importance of complex passwords, how to create cryptographically strong passwords and reference links on creating passwords.
Applies to the following Sophos products and versions
With a password you're securing not only the vacation pictures on your home computer from sneaky attackers who could hold them to ransom, but also confidential company data and the resources you are authorized to access.
There are many different ways to create passwords: randomly generated by hand, randomly created by a program such as a password vault, built from your pet's name + mother's maiden name + birthday, or made by picking random words you can memorize and modifying them with letters and numbers. Here we will discuss the most important parameters to keep in mind when creating a strong password.
No matter how good the password is, it won't do you any good if you can't use it with the program. Always check the application to see the minimum and maximum number of characters required, which special characters are allowed and how many numbers or digits must be used. Most programs will outline the password requirements below the password creation window or in the online help.
Using dictionary words, especially names of important people, relatives and pets, is a bad idea. There is a good chance that someone making a random attempt on your account will use a program that performs a dictionary attack first. If a word is in the dictionary or on your Facebook profile then you shouldn't use it. A more targeted attack might check things like pet names, relatives and birthdays first.
Passwords should never include any company-related words or other guessable words such as pet names, hobbies, or supported sports teams.
Some of the easiest passwords to remember are not words but phrases or sentences. Use a line from your favorite novel, song or poem. To turn it into a passphrase, abbreviate the line, as abbreviations are usually immune to attacks. Remember that the effort an attack requires grows with each unique character you add to the password.
A good strong password is a combination of phrases that contains both upper and lower case letters, punctuation characters and numbers. Don't rely on substitutions to obscure a word, as these are not strong enough, and avoid simple adjacent keyboard patterns.
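The checks described above (application length limits, mixed character classes, no dictionary, personal or company words even when disguised by substitutions, no adjacent keyboard patterns) can be expressed as a small checker. This is an added Python example, not Sophos code; the word list, the default length limits and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample data: a real deployment would load a full dictionary
# plus the user's own names, pets, teams and company terms.
BLOCKLIST = {"password", "sophos", "rex", "arsenal", "welcome"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Common character substitutions, undone before the dictionary check.
LEET = str.maketrans("@4301!$57", "aaeoiisst")

def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False

def check_password(pw, min_len=12, max_len=64, personal_words=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    # Limits are assumptions; use the ones the target application documents.
    if not min_len <= len(pw) <= max_len:
        problems.append("length")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("character classes")
    # Undo substitutions, then drop non-letters, so "P@ssw0rd!" -> "passwordi"
    normalized = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    words = BLOCKLIST | {w.lower() for w in personal_words}
    if any(w in normalized for w in words):
        problems.append("dictionary or personal word")
    if has_keyboard_run(pw):
        problems.append("keyboard pattern")
    return problems
```

A substituted word such as `P@ssw0rd2024!` satisfies the length and character-class rules but is still reported as a dictionary word, which is why substitutions alone are not enough.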
Here are some basic tips you can follow to build a secure password:
A password needs to be secured once created.