
Selecting a good memorable password.

May 20, 2020
Credit: https://xkcd.com/936/

Why selecting a good but memorable password is key.

Here at Why Settle we currently work off the ‘NIST guideline for password policies’. The current guidance, in place since 2016, states that forcing users to reset their passwords on a schedule increases risk rather than reducing it.

Below are two articles which explain it pretty well:
https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/

https://www.sans.org/security-awareness-training/blog/time-password-expiration-die

As such, we usually implement the below password policy on clients’ domains and email servers, meaning that users cannot choose a ‘bad’ password.

– We do not have a password expiration policy in place.
– “You must choose a strong password that contains 9 to 16 characters, a combination of letters, and at least one number or symbol”

Because of the above, the advice is to pick something long, secure and memorable, such as combining two or three words with punctuation.

Non-expiring passwords only work when a long and secure password is used, and the password is unique – not shared with any other site or login.


Inside the office, we have recently been using a custom-developed tool to aid in our password choice process. There are only so many random passwords a mind can create on the helpdesk before it starts repeating the same ones or making bad passwords.


If it is of help to anyone, you can access it here:

https://whysettle.co.uk/passphrase/
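As an added illustration of the two ideas above (the 9-to-16-character policy and the “two or three words with punctuation” advice), here is a small Python script written for this page. It is not the code behind the passphrase tool linked above, and the word list, separator set and the season-plus-year pattern check are assumptions made for the example; the policy rule itself is the one quoted earlier on this page.

```python
import re
import secrets
import string

# Policy quoted on the page: 9 to 16 characters, a combination of letters,
# and at least one number or symbol.
MIN_LEN, MAX_LEN = 9, 16

# Constructed word list for the example generator (short, common words so
# that three of them plus punctuation still fit inside the 16-character cap).
WORDLIST = [
    "hay", "lead", "band", "most", "blue", "only", "sky", "oak",
    "moon", "lamp", "road", "leaf", "salt", "iron", "pine", "wolf",
]

# Separators used between words, mirroring the 'Good' column of the table.
SEPARATORS = "#*/!"

# Assumed pattern for the "Summer2020 (or any season!)" style the page calls bad:
# a season name followed by a 2- or 4-digit year and optional trailing symbols.
SEASON_YEAR = re.compile(
    r"^(spring|summer|autumn|fall|winter)\d{2,4}[^a-z]*$", re.IGNORECASE
)


def meets_policy(password: str) -> bool:
    """True when the password satisfies the policy quoted on this page."""
    if not MIN_LEN <= len(password) <= MAX_LEN:
        return False
    has_letter = any(c.isalpha() for c in password)
    has_digit_or_symbol = any(
        c.isdigit() or c in string.punctuation for c in password
    )
    return has_letter and has_digit_or_symbol


def looks_like_season_year(password: str) -> bool:
    """True for the predictable season + year pattern (e.g. Summer2020)."""
    return bool(SEASON_YEAR.match(password))


def is_good_choice(password: str) -> bool:
    """Policy check plus the one predictable-pattern check this example adds.

    Passing the policy is necessary, not sufficient: Summer2020 satisfies the
    length and character rules yet is still a weak choice.
    """
    return meets_policy(password) and not looks_like_season_year(password)


def generate_passphrase(words: int = 3, wordlist=WORDLIST) -> str:
    """Join two or three capitalised words with random punctuation and a
    trailing digit, using the OS CSPRNG via the secrets module.

    Candidates that miss the 16-character cap are discarded and redrawn.
    """
    if words not in (2, 3):
        raise ValueError("page advises combining two or three words")
    for _ in range(1000):
        parts = [secrets.choice(wordlist).capitalize() for _ in range(words)]
        seps = [secrets.choice(SEPARATORS) for _ in range(words)]
        candidate = "".join(w + s for w, s in zip(parts, seps))
        candidate += str(secrets.randbelow(10))
        if meets_policy(candidate):
            return candidate
    raise RuntimeError("word list cannot satisfy the length policy")


if __name__ == "__main__":
    for sample in ["Summer2020", "Blue2019", "Apple20", "Daylight#Only!5",
                   "Most#Uppermost#4", "Hay*Lead#Band#0"]:
        verdict = "good" if is_good_choice(sample) else "bad"
        print(f"{sample:20} policy={meets_policy(sample)!s:5} -> {verdict}")
    print("suggested:", generate_passphrase(3))
```

Running the script against the table below reproduces its verdicts, with one exception worth knowing about: Bedroom/Circular*3 is 18 characters, so the 16-character upper bound quoted in the policy would reject it even though it is listed as a good choice. The check is only as strict as the rule it encodes, which is why the generator pairs it with a word list short enough to stay inside the cap.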

p.s. Below are examples of good and bad password choices when following the above methodology.

Bad                               | Good
Summer2020 (or any season!)       | Daylight#Only!5
Kidsname! (or KidsnameBIRTHDATE)  | Bedroom/Circular*3
Blue2019                          | Most#Uppermost#4
Apple20                           | Hay*Lead#Band#0

We realise that this is only one of many methods for creating a safe, secure password, and we also commend the use of password managers.

Why Settle

The Building Design Centre 125 Muir Street Hamilton ML3 6BJ