Just about everything you use wears out over time. Yet some people feel the need to use the same password for years on end. I have followed a few articles over the last few months, and it seems that password best practices are hard to get across to end users, from the Hotmail scam that revealed the most common password is "123456" to the ongoing surge of phishing sites I see in my email every day. Here at SoftLayer we provide automatic server security scanning in the portal, which is used all the time. But some of those same users do not review their personal security policy for their login accounts.
Over the years we have added numerous security upgrades to the customer portal to help alleviate password-style attacks, including the recent addition of VeriSign Identity Protection and past changes like security questions, IP restrictions, and failed password attempt throttling. We are trying to do our part in securing your account, but we need help from you as the end user: periodically update your password and your other security settings. The chain is only as strong as its weakest link. Now go change your password!
Here are a few simple guidelines to get you started:
- Make it as long as possible
- Use as many different characters as possible
- Do not use words listed in standard dictionaries as your password
Things not to do:
- Write your new password on a sticky note and attach it to your monitor
- Use one of the top 500 passwords
- Share your brand new password with friends
The bad guys are getting smarter; end users (that means you) need to step it up too.
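The guidelines above can be checked mechanically before a password is accepted. The following is an added example, not SoftLayer's portal code: the thresholds are assumptions (the post only says "as long as possible"), and the two word lists are small constructed samples standing in for a real top-500 list and a dictionary file.

```python
import string

# Constructed sample lists; a real check would load a full common-password
# list and a dictionary word list from files.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "abc123"}
DICTIONARY_WORDS = {"dragon", "monkey", "sunshine", "server", "welcome"}

MIN_LENGTH = 12        # assumption: minimum acceptable length
MIN_CHAR_CLASSES = 3   # assumption: of lowercase, uppercase, digits, symbols


def char_classes(password):
    """Count how many character classes the password draws from."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(any(c in cls for c in password) for cls in classes)


def strip_decoration(password):
    """Lowercase and drop leading/trailing digits and symbols,
    so 'Sunshine2024!' is compared as 'sunshine'."""
    return password.lower().strip(string.digits + string.punctuation)


def check_password(password):
    """Return a list of guideline violations; an empty list means it passes."""
    problems = []
    base = strip_decoration(password)
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if char_classes(password) < MIN_CHAR_CLASSES:
        problems.append("too few character types")
    if password.lower() in COMMON_PASSWORDS or base in COMMON_PASSWORDS:
        problems.append("common password")
    if base in DICTIONARY_WORDS:
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Sunshine2024!", "vT9#qLm2$wRz8!"):
        print(candidate, "->", check_password(candidate) or "ok")
```

Note that "Sunshine2024!" satisfies the length and character-variety rules and is rejected only because the dictionary check looks past the appended digits and symbol.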
- Microsoft - Create a Strong Password
- Wiki - Password Strength (more information than you will ever want to know)
- Duke University - Password Security
- Imperva - Consumer Password Worst Practices (PDF)