Password Strength

Justin Ward — Mon, 23 Jun 2008 18:56:00 GMT

So, what’s your computer’s password? Is it written on a yellow sticky note in your desk drawer? Is it your name? Your kid’s birthday? You probably wouldn’t tell me, but could I figure it out? More importantly, could a hacker using password cracking software figure it out?

Your password grants you access to all the information stored on your computer, and in many cases, to your company’s internal systems. If a hacker or some other malicious person gains access to your password, you could have a serious security breach on your hands. You certainly don’t want someone posing as you wreaking havoc on your company’s servers. And likewise, you wouldn't want anyone accessing the personal information on your home computer. One security measure you can use to help defend against this kind of attack is ‘password strength.’

Your company probably has some sort of policy regarding password strength, (if not, it should). The strength of a password can be determined by length, complexity, and randomness. In an upcoming release of our version 7 products, we are increasing password strength by requiring longer, more complex passwords. So, for example, when a new user is created in the program, the password must be at least eight characters and include one alphabetic character and one non-alphabetic character (i.e., 0-9, !, @, #).

Keep in mind, while using strong passwords can lower the risk of a security breach, it does not replace the need for other security controls.

If you are interested, here’ a good article on Microsoft’s website called, Strong passwords: How to create and use them.

From the Doc Side : Password strength

Password Strength