Information Security Tips Series
Nowadays, accessing a computer, logging on to web sites such as online banking, or using automatic teller machines requires users to authenticate to confirm their identity. Using a password is the easiest and most commonly used method, so password management is very important. Active and good password management not only protects against unauthorised access, data leakage and even loss of money, but also protects the system from intrusion and destruction. The following are recommendations and guidelines for password management and password management software.

Password recommendations
Entering a password into a computer system appears simple, but users often neglect good password management. The most common error is using a simple password that can be easily guessed by other people or easily cracked with password cracking software. The following are some examples of improper passwords and password handling:

* The most easily guessed passwords, such as "password" or "administrator";
* Repeated or consecutive letters or numbers, such as "888888", "123456", "bbbbbb", "abcdef";
* The name of the individual or their spouse, or well-known abbreviations, such as "philip", "hksarg" and "hkpf";
* License plate numbers, ID card numbers, telephone numbers, dates of birth and street names;
* Using the same password for all systems. Less important and more important systems should use different passwords;
* Disclosing the password publicly or to relatives and friends;
* Posting the login name and password on the computer monitor or keyboard.

Important considerations
* Set a password of at least six characters that combines uppercase and lowercase letters, numbers and special symbols, such as woP6@#;
* While entering your password, watch for strangers looking on from the side, who can steal the password this way;
* Change the password at least once every 90 days;
* Change the password immediately after the first login or after using a default password;
* Avoid using the automatic login features of some web sites or systems, especially on public computers;
* Ensure the computer is locked or logged out before leaving it, so that others cannot use it and change the original user's password;
* If you suspect your password has been compromised, immediately notify the system administrator and change your password.

Password management software
Some web browsers and password management software on the market store user names/account names and passwords and automatically log in when users access websites or systems. Although this provides a high degree of convenience, it also creates a significant risk, particularly on public computers. Unless it is provided by your employer, users should avoid using password management software and should not store passwords in the browser, especially on a public computer. The user should disable the relevant function of the browser.

Some unknown password management software, designed by an attacker, may be a malicious attack tool. When users store passwords in such software, the attacker can collect all of the user's passwords, and the user might suffer huge losses.

The password is the first line of defence against unauthorised access, and actively practising good password management is the best way to maintain this line of defence.
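The lists under "Password recommendations" and "Important considerations" can be turned into an automated check at password-change time. The following is an added example, not part of the original page; the function names and the `personal` parameter are assumptions, and the easy-to-guess list holds only the examples quoted above.

```python
import string

# Easy-to-guess examples quoted on this page (a real list would be far longer).
EASY = {"password", "administrator", "philip", "hksarg", "hkpf"}
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "special symbol": string.punctuation,
}

def is_repeated(pw):
    """One character repeated, e.g. "888888" or "bbbbbb"."""
    return len(pw) > 1 and len(set(pw)) == 1

def is_sequence(pw):
    """Consecutive run up or down, e.g. "123456" or "abcdef"."""
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})

def check_password(pw, personal=()):
    """Return the rules from this page that the candidate password breaks.

    `personal` is a caller-supplied list (assumed) of names, phone numbers,
    plate numbers or birth dates the password must not contain.
    """
    problems = []
    low = pw.strip().lower()
    if len(pw) < 6:
        problems.append("shorter than six characters")
    for label, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append("no " + label)
    if low in EASY:
        problems.append("easy to guess")
    if is_repeated(low):
        problems.append("repeated character")
    if is_sequence(low):
        problems.append("sequential characters")
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    return problems

if __name__ == "__main__":
    # Constructed candidates, taken from the examples on this page.
    for candidate in ["woP6@#", "888888", "abcdef ", "password", "hkpf"]:
        print(repr(candidate), check_password(candidate) or "ok")
```

An empty result means the candidate passes every rule checked here; rules about reuse across systems, disclosure and the 90-day change interval need account history and cannot be judged from the password alone.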