It begins with choosing the right password. We have all heard the ridiculous statistics about how many people use "password" as their password, or "123".
Some people say that short sentences make good passwords, because they are easy to remember and harder to crack or guess.
Apple seems to think an arbitrary jumble of letters and numbers is a good idea and offers to generate and remember those in your keychain. This might be, but you will never be able to log in anywhere without access to your keychain, unless of course you can remember those random strings, in which case you probably don't need a keychain to begin with.
Yet other experts claim a password should be changed at regular intervals.
I for one think a single word or phrase, no matter how mangled with l33t, is an inherently insecure way to protect anything. A better system would be to have a system scan a secret blog you have to write, and then ask you random questions only you could know the answer to: What did you dream of the day before yesterday? What color was your bowel movement on Monday?
Here are the rules enforced at my place of work:
- Password must include at least two numeric and two special characters
- Password must include at least two upper and two lower case characters (i.e. a-z, A-Z)
- Password cannot be set twice in 24 hours
- Password cannot contain requestor's GUID or exist in Security Exclusion list
- Password length must be between 15 and 20 characters
- Password may contain the second vowel of your cat's name, unless you have a dog, in which case it must be the second-to-last digit of your first-born's social security number
- Password cannot be the same as the password of another employee
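As an added example, not code from the original post or from any real workplace policy engine, here is what the mechanically checkable rules above look like as a validator. The exclusion list and the requestor GUID are constructed sample values; the last rule in the list (no two employees may share a password) is deliberately left out, because enforcing it would require comparing a new password against other users' passwords, which is only possible if those are stored in a directly comparable form, and that is a far bigger problem than any password-complexity rule solves.

```python
import string

# Mechanically checkable rules from the list above. Constructed sample values
# (exclusion list, requestor GUID) stand in for the real directory data.
MIN_LEN, MAX_LEN = 15, 20
SPECIAL = set(string.punctuation)
SECURITY_EXCLUSION_LIST = {"password", "123", "letmein", "qwerty"}  # constructed


def policy_violations(password: str,
                      requestor_guid: str = "",
                      exclusion_list: set[str] = SECURITY_EXCLUSION_LIST) -> list[str]:
    """Return the rules the password breaks; an empty list means it is accepted.

    Not covered here: "cannot be set twice in 24 hours" (needs per-user change
    history) and "cannot be the same as another employee's password" (needs
    comparable storage of other users' passwords, which a sane system cannot do).
    """
    problems = []
    n_digit = sum(c.isdigit() for c in password)
    n_special = sum(c in SPECIAL for c in password)
    n_upper = sum(c.isupper() for c in password)
    n_lower = sum(c.islower() for c in password)

    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length must be between {MIN_LEN} and {MAX_LEN} characters")
    if n_digit < 2:
        problems.append("needs at least two numeric characters")
    if n_special < 2:
        problems.append("needs at least two special characters")
    if n_upper < 2 or n_lower < 2:
        problems.append("needs at least two upper and two lower case characters")
    # Exact (case-insensitive) match against the exclusion list.
    if password.lower() in {w.lower() for w in exclusion_list}:
        problems.append("is on the security exclusion list")
    # The requestor's identifier must not appear anywhere inside the password.
    if requestor_guid and requestor_guid.lower() in password.lower():
        problems.append("contains the requestor's GUID")
    return problems


if __name__ == "__main__":
    guid = "d1f4b9c2-0000-4000-8000-000000000000"  # constructed sample GUID
    for candidate in ("password", "Tr0ub4dor&3Horse!!", f"Aa11!!{guid}"):
        print(repr(candidate), "->", policy_violations(candidate, guid) or "accepted")
```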
Security is also enhanced by oblique error messages when trying to authenticate.
Here is the funny picture used for the blog post.