Basic security with passwords
To make users create strong passwords, and in that way improve the security of a system, it's a good idea to define the type of password that can be created. There are several ways to do this:
  • make them use a password generator
  • setup some guidelines like how much the password has to be long, what characters have to be used, etc.
  • check the integrity of existing passwords with a cracking program and alert users with a weak password.
There are various cracking programs that you can use, some of them are:It's wise to change the password frequently as well as avoiding having people look at you when you type your password. There's never enough paranoia when it comes to protecting your data.

Default passwords

Many applications, that need identification in order to be used, have a default password. Although this password may be easy to remember, you should change it as soon as possible. Lists of default passwords can be found all over the net and that's probably one of the first things an attacker is going to try using. The same thing applies for any situation when a password is assigned to you, login and change it, right away.

An example of a list of default passwords can be found here.

For much more information on passwords and other methods of authentication, I recommend reading the excellent Authentication: From Passwords to Public Keys by Richard Smith.

As it says on the Addison-Wesley book page:

"[This book] gives readers a clear understanding of what an organization needs to reliably identify its users and how different techniques for verifying identity are executed."

And, to close this article, here are two interesting articles you might be interested in:


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th