The Computing Technology Industry Association (CompTIA) has published some guidelines it hopes will help consumers protect themselves online. Specifically, CompTIA has created guidelines on how people should use passwords. The main suggestion is to use four different passwords of increasing complexity, one for each of CompTIA’s four defined functions: surfing simple/general low-risk websites; shopping on e-commerce sites; working on financial websites; and logging in to sites/applications at work. According to John Venator, CompTIA’s president and CEO, “As we have incorporated computer use into more and more of our lives at home and at work, the number of passwords we use has grown exponentially.” However, if consumers stick to a planned pattern and change the passwords at least every three months, the effort to remember the varied passwords will easily be balanced by the increased security.
USER COMMENTS 23 comment(s)
Remember (9:15am EST Fri Feb 25 2005)
Place all your passwords on a yellow sticky note visible to everyone… – by Nunhgrader
users (9:29am EST Fri Feb 25 2005)
No matter how many you have you will still have the inept end users who share their password with their colleagues. – by rooker7
Two good points (9:45am EST Fri Feb 25 2005)
and there are many more that suggest the weakness of passwords. Yet too many admins proclaim user authentication as adequate security.
Think about the systems that are exploited. Simply having user accounts (not logged in as admin), having users log in in the morning (daily timed forced logout at midnight), or using a free personal firewall could have prevented the attack.
When I 1st read the new (last 4 years) computer security regulations for a class on information security regulation, I thought the negligence penalties were too stiff. But 2 months later, I think they are good. The class is about the fact that lawyers are much more dangerous to your company than hackers. – by tech
Passwords …. (10:14am EST Fri Feb 25 2005)
What happens when you mandate passwords of 6 letters or more, then demand they be alphanumeric?
Passwords are the bane of our existence. Instead of demanding they be a fixed length, why not use a phrase, fingerprint or other means?
A pass-phrase like “Shama-lama-ding-dong” is easy to remember, it’s not a word, and should be more than sufficient for access rather than using the same base word, and modifying it over and over.
My job demands the 6 digit password, then demands that I change it every 8 weeks. So, I simply increment the numeric of the phrase. It’s better than calling IT every 8 weeks and asking them to reset my password. – by Hodar