D/EU: Secure Passwords
Category: News
By: F. Fiesel - 2B Advice GmbH - the privacy benchmark
Every PC user, regardless of whether at home or at the office, has already been confronted with this topic (which probably originated as early as the time of the first multi-user systems): secure passwords.
Today, passwords are needed for almost all modern devices and for the use of services. Some passwords are less critical than others. The password that one uses for a private Internet forum, for instance, is less important than the password for the firewall for the company network.
Nevertheless, all passwords should satisfy certain requirements in order to be deemed to be secure:
- Minimum length of eight characters (longer = more secure)
- Use of lowercase/capital letters, numbers and special characters
Such complex passwords always harbor the risk that employees will record them on a note or in a document on the computer in clear text.
In order to prevent this problem, there are various options for supporting employees in selecting and/or memorizing secure passwords.
- Password Guideline
Every company should make available to its employees a password guideline with all requirements for password security. The user should also be made aware of the fact that, for example, private passwords (e.g., a password for an online shop) may not be used for business accounts (e.g., registration in Active Directory) and vice versa.
Additionally, employees should receive practical tips for generating secure passwords. One procedure that has worked satisfactorily is to take the initial letters of all the words in a sentence and form the password from them.
Example: "256bit AES coding is currently still generally deemed to be secure!"
This sentence would result in the following password: "2Acicsgdtbs!"
(Please do not use this example!)
- Password safes
A password safe is a program that securely stores all the passwords of a user, and allows access to the other passwords only upon entry of ONE password.
- Tools to generate secure passwords
Such tools automatically generate passwords that satisfy the security requirements.
- Tools to examine whether a password is secure
Such tools examine whether, based on its structure and its length, a password can be classified as secure.
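The requirements listed above and the initial-letter procedure can be combined in a small checker. The following is an added example, not part of the original article; the function names and the denylist of known passwords are assumptions made for illustration. It also shows a limit of structure-and-length checks: the article's published example passes them and is rejected only because it is publicly known.

```python
import string

MIN_LENGTH = 8  # minimum length given in the article
# Assumption: a denylist of publicly known passwords; it holds only the
# article's own published example, which the article says not to use.
KNOWN_PASSWORDS = {"2Acicsgdtbs!"}


def password_from_sentence(sentence: str) -> str:
    """Join the first character of each word, keeping trailing punctuation."""
    parts = []
    for word in sentence.split():
        core = word.rstrip(string.punctuation)
        parts.append(core[:1] + word[len(core):])
    return "".join(parts)


def check_password(password: str) -> list[str]:
    """Return the unmet requirements; an empty list means the password passes."""
    classes = {
        "lowercase letter": str.islower,
        "capital letter": str.isupper,
        "number": str.isdigit,
        "special character": lambda c: not c.isalnum() and not c.isspace(),
    }
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, test in classes.items():
        if not any(test(c) for c in password):
            problems.append(f"no {name}")
    if password in KNOWN_PASSWORDS:
        problems.append("publicly known password")
    return problems


if __name__ == "__main__":
    # Constructed sample sentence (not from the article).
    sentence = "My 3 cats sleep on the Sofa every single evening?"
    candidate = password_from_sentence(sentence)
    print(candidate, check_password(candidate) or "meets the requirements")
```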
Passwords are often underestimated, even though they form one of the fundamental building blocks within the security architecture of a company. Therefore, it is important that each company commits its employees to the use of secure passwords and, if necessary, offers assistance with the implementation in the form of tools or training courses.
