l kout initiative choosing a strong password office of information technology
TRANSCRIPT
“Lkout” Initiative
Choosing a Strong Password
Office of Information Technology
2
Office of Information Technology
Important Note
The information published hereafter is just a collection of selected IT industry best practices and tips that might assist you in improving the security levels against computer related threats while exercising your computing activities.
The information published hereafter is not meant in any way to provide a comprehensive solution nor to ensure full protection against computer related threats.
3
Office of Information Technology
Choosing Good Passwords
> Weak passwords are one of the most common reasons for identity theft and access to your or your organization information.
> When choosing a password, make it as difficult as possible for someone to guess but as easy as possible for you to remember.
4
Office of Information Technology
The DON’Ts in password construction
> DO NOT construct a password based on your login name in any form
> DO NOT construct a password based on biographical information about yourself or your family members such as: Names of family members Birthdates or important events IDs (social security number or
driving license number)
5
Office of Information Technology
> DO NOT construct passwords based on your telephone number, the brand of your automobile, the name of the street you live on, etc.
> DO NOT construct passwords based on your favorite pet’s name.
> DO NOT construct passwords based on your friends names, or favorite star, etc.
The DON’Ts in password construction
6
Office of Information Technology
The DON’Ts in password construction
> DO NOT construct passwords with words that can be found in a standard dictionary (English or foreign) or are publicly known slang or jargon.
> DO NOT construct passwords that are based on publicly known fictional characters from books, films, and so on.
> DO NOT construct passwords based on the company’s name or geographic location.
7
Office of Information Technology
> DO NOT construct a password using a word identified in the previous bullet points that is reversed, rearranged, doubled, or even mirrored.
> DO NOT construct a password using a word identified in the previous bullet points event if you substitute certain numerals for characters they look like (0 instead of an “o” and 1 instead of an “l” or “I”). Example: “pa$$w0rd”.
> DO NOT construct a password using popular patterns like “xyz” or “qwerty”
The DON’Ts in password construction
8
Office of Information Technology
> DO construct passwords that contain at least 6 characters.
> DO construct passwords that start with a letter.
> DO construct passwords that contain at least one uppercase letter (e.g. N) and 3 lowercase letters (e.g. t).
> DO construct passwords that contain at least one numerical character (e.g. 5).
The DOs in password construction
9
Office of Information Technology
The DOs in password construction
> DO construct passwords that contain at least one special character such as “!” if the application server permits.
> DO select a new password that contains at least 4 characters that are different than those found in the old password you are replacing.
10
Office of Information Technology
The DOs in password construction
> DO construct a password that is easy to remember.
> DO construct a password that you can type quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by watching over your shoulder.
> DO construct a password that is hard to guess even by someone who knows you well.
11
Office of Information Technology
Putting Theory to Practice
Example 1:Pick a sentence that reminds you of the
password.
What time is my accounting class in Nicely 204?
WtimaciN2o4
If my car makes it through 2 semesters, I'll be lucky
imCmit2s,Ibl
12
Office of Information Technology
Putting Theory to Practice
Example two:
Be creative with your passwords
I miss you = nohss!w!
I feel great = If33lg8!
Wildcats are #1 = W!ldcatzR#1
13
Office of Information Technology
Putting Theory to Practice
Example three:
Using Lebanese Language in your passwords
>Shee_te32eeed!Shee_te32eeed!
>3aseer3nab3aseer3nab
14
Office of Information Technology
Putting Theory to Practice
Example four:
Use every day words. Add characters. Misspell
one or both words.
>FriendshipFriendship ==Fr13nd+ch1pFr13nd+ch1p
>LifelongLifelong == Layfl000ngLayfl000ng
>TeddybearTeddybear ==T3deBaReT3deBaRe
15
Office of Information Technology
Putting Theory to Practice
Example five:
Alter numbers
>10141014 == tenfourteentenfourteen
>10141014 == tenf.ourtenf.our
>10141014 == oneOone4oneOone4
>10141014 == wnOwn4wnOwn4
>10141014 == Tn.4.TnTn.4.Tn
>10141014 == tnfrtn24 tnfrtn24 (10+14= 24)(10+14= 24)
16
Office of Information Technology
Putting Theory to Practice
Good reference:
http://www.wikihow.com/Remember-Your-Password
17
Office of Information Technology
Acknowledgements
> Office of Information Technology team
> Work-Study students: Marwa Abdul Baki Donna Bazzi
> www.CartoonStock.com