Passwords are one of the key elements of network and data security. Passwords secure your information and systems from unauthorized access. However, if you construct a poor password, your entire network or IT stack is at risk. To prevent this, it is a MUST for all enterprises to take appropriate measures to make sure their passwords are secure and strong. 

In this post, we are going to look at some of the important mechanics of password protection to help you create, change and protect passwords:

What is Password Protection?

Before we get into password protection, let us first see what a password is. A password is a set of characters which acts like a personal key to provide access to a computer, a network or any other system. Passwords ensure unauthorized users do not get access to these systems, rather only the ones that know the password do. 

Adding to this, passwords also help with accountability for all the data modifications or transactions happening within a system. Sharing passwords with your work colleague or a friend may result in providing unauthorized access to the system, and you can hold them accountable for their activities. But, what if they share the password with someone else? What if an unauthorized user made changes to your system or deleted some of your data? 

For this reason, it is highly recommended to authenticate and authorize users via strong and secure passwords before they access any shared computer system or network. Each user is to be held responsible for the construction and protection of their passwords. Poor passwords may endanger the information or system they are supposed to protect. Hence, it is better to construct a strong, unique password that is difficult for malicious attackers to guess. By the same token, it is very important to NOT use the same password for multiple accounts across websites. A good password is one that is unique, easy to remember and contains distinct characters.

Now, what is password protection? 

Password protection is a means of protecting your network and data systems by constructing a password for accessibility. Only individuals that know the password can access the information. Other unauthorized users cannot read, delete or modify your data set without the password. 

Passwords allow users to access different internet accounts across websites after the authentication process. At organizations, a powerful password protection policy must be in place to help employees understand the need to create, change and protect their passwords in a timely manner. This will maintain the IT integrity of the organization and also make employees aware of the security concerns.

Users accessing web applications must protect their passwords and take basic precautionary measures at all times. The rule of thumb is to NEVER disclose your password. Remember, website admins or support agents NEVER ask for your password. Make sure to use different credentials for accounts on different websites. It may be difficult to remember different passwords for different sites, but the least you could do is keep your email password different from the ones you use for other websites. This is one of the ways to secure your email account, especially if these websites use your email address as a username. Not following this may result in malicious attackers getting direct access to your email account through a leaked password.

Nowadays, most websites use your email for their password recovery mechanisms, hence it is extremely important to secure your email passwords. 

General Password Protection Measures:

Network users and administrators must follow various security measures to protect their passwords at all costs. Here are some of the key measures to abide by:

  • Construct a strong password by following the guidelines provided for the same.
  • Configure account lockout so that a user account gets locked or disabled after multiple failed attempts with an incorrect password.
  • Use full volume encryption features such as BitLocker to secure your data with encryption. By default, BitLocker leverages the AES encryption algorithm in XTS mode or cipher block chaining mode with a 128-bit or 256-bit key. It is included in all Windows versions after Vista.
  • Store sensitive information on network servers rather than on local storage.
  • Don’t rely only on the built-in password protection of web applications. Use encryption and other mechanisms as well.
  • NEVER send your passwords in plain-text form across the network. Always use the encrypted form of password.
  • Turn ON the password shadowing on UNIX/Linux systems.
  • Use sniffer detection mechanisms and anti-sniffer tools to prevent criminals from sniffing your passwords while they are being transmitted across a network.
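
For the password shadowing measure above, one way to confirm it is in effect is to check that every entry in a passwd-format file carries only the "x" placeholder in its password field. The Python sketch below is an added example, not part of the original post; the sample entries, including the hash placeholder, are constructed for illustration.

```python
# Added example: audit passwd-format text for entries that bypass shadowing.
# SAMPLE_PASSWD is constructed; the hash value is a placeholder, not real.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHPLACEHOLDER:1001:1001::/home/legacy:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
broken-line-without-fields
"""


def classify_password_field(field):
    """Interpret the second field of a passwd entry."""
    if field == "x":
        return "shadowed"        # real hash lives in the shadow file
    if field == "":
        return "empty"           # no password required at all
    if field.startswith(("*", "!")):
        return "locked"          # password login disabled
    return "hash-in-passwd"      # hash readable by every local user


def audit_passwd(text):
    """Return (line number, user, issue) for every entry that needs attention."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != 7:      # passwd entries have exactly seven fields
            findings.append((lineno, None, "malformed"))
            continue
        status = classify_password_field(parts[1])
        if status in ("empty", "hash-in-passwd"):
            findings.append((lineno, parts[0], status))
    return findings


if __name__ == "__main__":
    for lineno, user, status in audit_passwd(SAMPLE_PASSWD):
        print(f"line {lineno}: {user or '?'}: {status}")
```

Entries reported as "hash-in-passwd" or "empty" are the ones to fix before relying on shadowing.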

Password Construction Guidelines:

Poor or weak passwords with just a few characters or short length may be easily cracked. Such passwords expose your organization’s systems or network to risk. That is why constructing strong and secure passwords is a MUST today. Users need to create a password that follows the below given guidelines:

  • The password must be long, like a passphrase. Use a password that is easy to remember and difficult to crack, and add spaces between characters to make it longer.
  • Passwords must include a minimum of 12 characters.
  • Passwords should include a minimum of 1 lowercase letter.
  • Passwords should include a minimum of 1 uppercase letter.
  • Passwords should contain a minimum of 1 numeric character.
  • It is good to use symbols such as @ # $ % ^ & * ! etc.

Here are some of the best examples of constructing strong and secure passwords:

  • Construct a passphrase based on your favorite movie, sentence, movie phrase or nursery rhyme:

Say for example, “Humpty Dumpty sat on a wall!”, “The Avengers is awesome 9856”, “Fuller House 2022”, “#Spider Man No Way Home is so fun”.

  • Create a password from objects that you randomly see around you:

Say for example, “2 frames on the WALL”, “Clock, Lamp, &Curtains 576”, “Phone 1 Desk 2 Speakers”.

  • Use special symbols and insert them randomly:

Say for example, “N*t compl3t3ly $@f3”, “c@nnot cr@ck 3@sily”, “wh@t$h@pp3nning”.

  • Use creativity! Pick a pattern that only you are familiar with and others cannot crack. 

For this, you may use important events in your life, name of the project you’re working on, or name of your distant friend or relative.

Say for example, “Tony Brown is meeting on 7th”, “major Azure project coming on 10th”.

Important note: Do NOT use the exact password examples given above as this may compromise your data security; these are only examples.
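
The construction guidelines and the note above can be enforced together at password-change time. The Python sketch below is an added example, not part of the original post: it checks the length and character-class rules listed earlier and rejects any candidate that matches a passphrase printed in this post. The function names and the passing sample passphrase are assumptions made for illustration.

```python
import string

# A few of the illustrative passwords printed in this post; per the note
# above they must never be accepted as real passwords.
PUBLISHED_EXAMPLES = {
    "Humpty Dumpty sat on a wall!",
    "2 frames on the WALL",
    "N*t compl3t3ly $@f3",
    "c@nnot cr@ck 3@sily",
}

MIN_LENGTH = 12  # minimum length from the guidelines


def _normalize(text):
    """Lowercase and collapse whitespace so trivial variants still match."""
    return " ".join(text.lower().split())


def check_password(candidate, denylist=PUBLISHED_EXAMPLES):
    """Return a list of guideline violations; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not any(c.islower() for c in candidate):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in candidate):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no digit")
    if _normalize(candidate) in {_normalize(p) for p in denylist}:
        problems.append("matches a published example")
    return problems


def has_symbol(candidate):
    """Symbols are recommended, not required, so report them separately."""
    return any(c in string.punctuation for c in candidate)


if __name__ == "__main__":
    # "Blue kettle 47 on the Stove" is a constructed sample, not a suggestion.
    for pw in ("Blue kettle 47 on the Stove", "Humpty Dumpty sat on a wall!"):
        print(repr(pw), check_password(pw), "symbol:", has_symbol(pw))
```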

Password Protection Guidelines:

  • Passwords should be kept confidential. Hence, NEVER disclose, hint or give away your password to anyone, including the IT admins, staff, employees, support agents, co-workers, relatives or friends at any cost.
  • If someone from the IT administration asks for your password, immediately contact the IT Support Team.
  • NEVER send the password over a network in the form of plain-text through an email as it is highly unprotected. Always use encryption for your passwords.
  • NEVER save your password unprotected in written form on your phone or in your paper notes. If you have to keep a record to remember your passwords, then make sure you store it in protected electronic notes in an encrypted form.
  • Web browsers often provide a “Remember Password” feature for different websites; NEVER use it. This may allow malicious sniffers or attackers to sniff your password or clearly see your password in the plain-text form.
  • Always use separate passwords for your email account and other user accounts on different websites. This will keep your email secure and protected. Re-used passwords are one of the top means attackers use for unauthorized access.
  • Change your password regularly. 
  • Configure the settings for two-factor authentication (2FA) for an extra layer of security. 
  • If you suspect weird activity with your user account or detect that your password is compromised, contact the IT Security team immediately.
