Learn best practices for the creation of good passwords. Good passwords keep you and your data safe.

1. Best Practices
for
Password Creation

2. Overview:
 Composing hard-to-guess Passwords
 Tough Passwords
 Keys to Success
 Common Password Errors
 Change Password Every 90 Days

3. Composing hard-to-guess
passwords:
<http://www.jimguckin.com/2010/06/best-practices-for-password-policy/>
 Use at least two numbers in the first eight characters
 Pick long passwords, at least 8 characters in length
 Don't use a common dictionary word, a name, a string of
numbers, or your User ID
 Make sure to use special characters such as
$ . , ! % ^ *

4. The Toughest To Crack Passwords
<http://its.psu.edu/be-safe/password-best-practices/>
One of hardest to crack password methods is the pseudo-
random password. The actual password is generated from an
easy to remember phrase that is important to the user. This
phrase can be anything from the words from a book that you
particularly like, to words from a song that you always
remember with ease.

5. The key to a successful password is to create a phrase that is easy for you
to remember, but no one else will ever think about attributing it to you.
Examples:
Personal Phrase: "It was a dark and stormy night...".
Password : iWadasn7
Method: Chose first letter from each word, followed by the age of nephew.
Personal Phrase: My Brother's Birthday Is April (4) Twenty Two Nineteen Sixty
Three
Password : mbbi4tt19s3
Method: Chose the first letter from most words, and substituted numbers for
letters.
Keys To Success
<http://its.psu.edu/be-safe/password-best-practices/>

6.  Choosing passwords which are easily guessed -- so are not
really secret.
 Sharing passwords with coworkers, friends or family.
 Writing down a password and placing the password near a
computer or in a supposedly private place like a wallet.
<http://hitachi-id.com/password-manager/docs/password-management-best-practices.html>
Common Password Errors

7. Why You Should Change Your Password
Every 90 Days
<http://hitachi-id.com/password-manager/docs/password-management-best-practices.html>
5
6
Users may
share them
with friends or
coworkers.
2
1
34
To help minimize
some of the risk
associated with
losing older backups
to an attack
The servers that
store passwords
may be
compromised
and acquired by
an intruder
Users may be
tricked into
revealing their
passwords
(phishing)
Passwords may
be guessed,
either by humans
or software.
Users may write
them down and
they may
subsequently be
exposed.

8. Why Is This Important?
<http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014>
<http://www.nextgov.com/cybersecurity/2013/03/how-many-cyberattacks-hit-united-states-last-year/61775/>
The average cost of a cyber attack in 2014:
• $8.6 million in retail stores
• $20.8 million in financial services
• $14.5 million in the technology sector
• $12.7 million in communications industries.
In 2007 US-CERT received almost 12,000 cyber incident
reports. That number had doubled by 2009, according to
statistics from the Government Accountability Office (PDF),
and it quadrupled by 2012.

9. Now For A Realistic Solution To
The Problem
The Stanford Password Policy
 In April 2014 Stanford University adopted the new length-
based password policy after much research on password
usage and creation.
 It is expected to increase network security and lower
helpdesk calls for password related issues.
 Our nFront Password Filter system was modified to support
this new Stanford Password Policy (Read More…)

10. To see how our nFront Password Filter product can help
your company prevent weak and easily hacked passwords
please visit our website.
http://nfrontsecurity.com/products/nfront-password-filter