Common User Passwords

Janco has found that over 23% of all user passwords or either weak or use one of the most common passwords which are keyboard progressions, names or common words. They are:

Keyboard progressions

• 12345
• 123456
• 1234567
• 12345678
• 123456789
• abc123

Names

• Ashley
• Daniel
• Jessica
• Michael
• Nicole

Common words

• babygirl
• Iloveyou
• lovely
• monkey
• password
• princess
• qwerty
• rockon
• rockyou

A safe and secure password must follow the following criteria

• It should contain special characters such as @#$%^&
• It must be at least 8 characters long.
• It shouldn't be simply common words such as "password" or your login name, neither be your birth date, 123 or any words that can be found in the dictionary in any language.
• It must contain a variety of capital and lower case letters.

Also, these are the elements that you should definitely avoid when creating your password

• Logical sequences such as names of places.
• Common words such as ‘airplane’ should be replaced with symbols, example ‘a!rPlan£s'.
• Family names and dates of birth shouldn’t be included in a password.

Finally, it's very important to use a different password for each website you register with, the reason being that should you forget your password, you will no longer have access to your email account, chat or other services which you probably make use of on a daily basis.

The following policies that should be put in place for all passwords

• The password must be at least 8 characters long.
• The password must contain at least:
• one alpha character [a-zA-Z];
• one numeric character [0-9];
• one special character from this set:
  ` ! @ $ % ^ & * ( ) - _ = + [ ] ; : ' " , < . > / ?
• The password must not:
• contain spaces;
• begin with an exclamation [!] or a question mark [?];
• contain your login ID.
• The first 3 characters cannot be the same.
• The sequence of the first 3 characters cannot be in your login ID.
• The first 8 characters cannot be the same as in your previous password.
• Passwords are treated as case sensitive.

Examples of invalid or poorly chosen passwords:

• Your login ID.
• Names of co-workers, pets, family, etc.
• Phone numbers, license numbers, or birthdays.
• Simple passwords like "asdf" (adjacent keys on a keyboard).
• Words, which can be found in a dictionary.

Examples of strong passwords (the following are for example purposes only; do not use any of these examples as your actual password):

• Use a name, modified slightly, like "b0b$mith" or "M@ryL0ng".
• Use a phrase you can remember, like "hello world" modified to "hel10@World".
• "tL*5i?wu" (contains letters, special characters, and numbers).

Even though it is not a rule, it is strongly recommended that you use a combination of both upper and lower case letters.

Security Manual Template

This Security Policies and Procedures Manual for the Internet and Information Technology is over over 230 pages in length. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley and CobiT compliance).   In addition, the Security Manual Template PREMIUM Edition  contains 16 detail job descriptions that apply specifically to security and Sarbanes Oxley, ISO 27000 (ISO27001 and ISO27002),CobiT, PCI-DSS, and HIPAA. Data Protection is a priority.