Tuesday, July 16, 2013

Password Security is more than writing down a secure password.


I bought a day planner today and in it I found a section for passwords. I asked myself: is this a day planner or an identity theft kit? People are extremely hackable because they are predictable and lazy. I have seen it time and time again. The new technique of hackers is to hack the user's personal account and then attack the corporate system. So a person could lose their job, their identity, and their finances in one very bad day. The most important thing to do is perform a risk assessment of yourself. Know your assets, and know how those assets are protected. Set the protection levels appropriately.

Example: Accounts are assets, and you protect them with passwords; the data held in the account dictates the complexity of the password. Have multiple accounts: use one email address for online forms and everyday account creation, and use another for banking and any accounts associated with money.

Passwords have been the weakest link for years, and now hackers out of Vietnam, Eastern Europe, and even the US are exploiting this fact. Secure and safe passwords start with user training. More and more people are learning from bad experiences, data loss, and identity theft the importance of secure and regularly changed passwords. The current systems are not bad; it is the users who need training. If we all start a program of Security Awareness Training, then we can change the world. Often hackers attack the people, not the devices. Policies are only half the battle: too complex and the users write them down or email them to Yahoo or Gmail accounts; too lax and the hackers have a field day. Below are some easy ways to remember passwords and some simple security measures for passwords.

Password Protection and Training:
Password guessing and dictionary attacks are common, as are attacks on easy password-reset questions.

Use phonetic passwords. If your password is so random you cannot remember it, you are more likely to write it down or change it to something easy. That is dangerous!

Try something like this: use the first letter of each word in a sentence, and keep all the numbers and special characters.
I was married to Julie on December 5th of 2008!  Password: IwmtJoD52008!  Very secure, easy to remember, and it may even help you remember your anniversary.

You can change it every 90 days to:
I was born on ...
My first child John was ....

Use multiple layers of security. Use your security questions in an easy-to-remember but secure way. Don't let the hackers reset your password.

Example of an unsecured security question:
Security Question: What was your first dog's name?  = If you answered SPOT, you are not alone, but it is easily guessed.
Example of a secure security question:
Security Question: What was your first dog's name?  = Sp0Tw@smyf1r5td0g  (spotwasmyfirstdog, using a character-replacement scheme). Much more secure.
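The two tricks above (a password built from the first letters of a sentence, and a reset answer turned into a substituted phrase) can be checked rather than eyeballed. The following is an added example, not code from the original post: it applies the sentence rule uniformly to every word (so it keeps the "o" from "of", which the post's own sample leaves out), applies a constructed replacement table, and then runs a simple offline strength check against a constructed list of common passwords. The check undoes the replacements before the lookup, because password-cracking wordlists apply the same substitutions, so "Sp0T" is no safer than "spot".

```python
import math
import string

# Constructed stand-in for a real list of breached/common passwords and reset answers.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "spot", "fluffy", "julie2008"}

# Character-replacement table for reset answers. The post substitutes by hand; this fixed
# mapping is an assumption made for the example.
REPLACEMENT_MAP = {"a": "@", "i": "1", "o": "0", "s": "5", "e": "3"}
REPLACEMENTS = str.maketrans(REPLACEMENT_MAP)
UNDO_REPLACEMENTS = str.maketrans({v: k for k, v in REPLACEMENT_MAP.items()})


def sentence_to_password(sentence: str) -> str:
    """The post's rule: first letter of each word, keep every number and special character."""
    parts = []
    for word in sentence.split():
        if word[0].isalpha():
            parts.append(word[0])  # "married" -> "m", "Julie" -> "J"
        else:
            # "5th" -> "5", "2008!" -> "2008!": drop letters, keep digits and symbols
            parts.append("".join(c for c in word if not c.isalpha()))
    return "".join(parts)


def harden_answer(answer: str) -> str:
    """Turn a short reset answer into a longer phrase with character replacement applied."""
    return answer.replace(" ", "").translate(REPLACEMENTS)


def assess(password: str, min_length: int = 12) -> dict:
    """Offline strength check: length, character classes, a rough entropy estimate (bits),
    and whether the password, or its de-substituted form, is on the common list."""
    classes = {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    sizes = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(string.punctuation)}
    pool = sum(sizes[name] for name, present in classes.items() if present)
    entropy_bits = round(len(password) * math.log2(pool), 1) if pool else 0.0

    # Reverse the substitutions so "Sp0T" is still recognised as "spot".
    normalised = password.translate(UNDO_REPLACEMENTS).lower()
    in_common = password.lower() in COMMON_PASSWORDS or normalised in COMMON_PASSWORDS

    acceptable = len(password) >= min_length and sum(classes.values()) >= 3 and not in_common
    return {
        "length": len(password),
        "classes": sum(classes.values()),
        "entropy_bits": entropy_bits,
        "in_common_list": in_common,
        "acceptable": acceptable,
    }


if __name__ == "__main__":
    pw = sentence_to_password("I was married to Julie on December 5th of 2008!")
    print(pw, assess(pw))
    answer = harden_answer("spot was my first dog")
    print(answer, assess(answer))
    print("Sp0T", assess("Sp0T"))
```

The entropy figure assumes every character is drawn independently from the full pool, which overstates the strength of a password built from a sentence; treat it as an upper bound and rely on the length and common-list checks for the pass/fail decision.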

Set up 2-factor authentication when possible. This can be something like a token device or Google Authenticator. There are three factors of authentication:
  • Something you know: password, PIN
  • Something you have: ATM card, token device
  • Something you are: biometrics such as a fingerprint
2-factor usually means a password and a token device. Most mail providers, such as Google, will allow you to add 2-factor authentication to your email.

Treat your passwords like underwear:
  1. Never Leave them out
  2. Don't share them with others
  3. Change them regularly
