The National KE-CIRT/CC

Tel Hotlines: +254-703-042700, +254-730-172700

Choosing and Protecting Passwords


A password is a string of characters that people use to log on to a computer and access files, programs, and other resources. Passwords are a common form of authentication and are often the only barrier between a user and your personal information. There are several programs that attackers (people who try to break into computer systems) can use to help guess or “crack” passwords, but by choosing good passwords and keeping them confidential, you can make it more difficult for an unauthorized person to access your information on your computer or online.

Why do you need a password?

Think about the number of Personal Identification Numbers (PINs), passwords, or passphrases you use every day: logging on to your computer or email, getting money from the ATM or using your debit card in a supermarket, signing in to an online bank account or shopping online…the list seems to just keep getting longer.

Passwords provide the first line of defense against unauthorized access to your computer. The stronger your password, the more protected your computer will be from hackers (people who try to break into computer systems) and malicious software, commonly known as malware (any software that brings harm to a computer system). You should make sure you have strong passwords for all accounts on your computer.

Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to guess or “crack” them. Consider a four-digit PIN. Is yours a combination of the month, day, or year of your birthday? Or the last four digits of your ID or PIN number? Or your address or phone number? Or the initials of your names? Think about how easy it is to find out this information about somebody. What about your email password: is it a word that can be found in the dictionary? If so, it may be susceptible to “dictionary” attacks, which attempt to guess passwords based on words in the dictionary.

What to consider when choosing a password:

•    Use different passwords on different systems.
•    Don’t use passwords that are based on personal information that can be easily accessed or guessed.
•    Don’t use words that can be found in any dictionary of any language.
•    Develop a mnemonic for remembering complex passwords.
•    Use both lowercase and capital letters.
•    Use a combination of letters, numbers, and special characters.
•    Change your password often.
•    Use passphrases when you can.
•    Never give out your password to anyone.
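
The checklist above, written as a check that a sign-up or password-change form could run. This is an added example, not KE-CIRT/CC's own code; the function names, the small word list and the user record are constructed for illustration.

```python
import re
from datetime import date

# Constructed sample word list (assumption); a real check would load a full
# dictionary or a list of known-breached passwords.
SAMPLE_WORDS = {"password", "welcome", "nairobi", "simba", "football"}

def personal_tokens(names, birth, phone, id_number):
    """Strings that can be derived from the personal details the page lists."""
    d, m, y = f"{birth.day:02d}", f"{birth.month:02d}", str(birth.year)
    tokens = {d + m, m + d, y, m + y[2:], d + y[2:]}          # birthday PINs
    for number in (phone, id_number):
        digits = re.sub(r"\D", "", number)
        if len(digits) >= 4:
            tokens.add(digits[-4:])                            # last four digits
    tokens.update(n.lower() for n in names if len(n) >= 3)     # names
    if len(names) >= 2:
        tokens.add("".join(n[0] for n in names).lower())       # initials
    return tokens

def review_password(password, names, birth, phone, id_number):
    """Return the checklist items the password fails (empty list = none)."""
    findings = []
    lowered = password.lower()
    # Drop digits and symbols so "Simba2024!" is still seen as a dictionary word.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only in SAMPLE_WORDS:
        findings.append("dictionary word")
    if any(t in lowered for t in personal_tokens(names, birth, phone, id_number)):
        findings.append("personal information")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        findings.append("needs lowercase and capital letters")
    if not (re.search(r"\d", password) and re.search(r"[^A-Za-z0-9]", password)):
        findings.append("needs numbers and special characters")
    return findings

if __name__ == "__main__":
    # Constructed user record, not real data.
    user = dict(names=["Amina", "Wanjiru", "Otieno"], birth=date(1990, 3, 14),
                phone="+254 700 000123", id_number="12345678")
    for candidate in ["1403", "Simba2024!", "awo@Home1", "Tq7!mVe-Rz2#kLp"]:
        print(candidate, "->", review_password(candidate, **user) or "no findings")
```

The check covers only the items that can be tested on a single password; reuse across systems and sharing cannot be detected this way.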

Powered by ITU/IMPACT