Password best practices

Posted by pcampbell on Server Fault See other posts from Server Fault or by pcampbell
Published on 2009-05-07T03:11:19Z Indexed on 2010/05/21 2:11 UTC
Read the original article Hit count: 501

Filed under:

password

|

security

|

best-practices

Given the recent events with a 'hacker' learning and retrying passwords from website administrators, what can we suggest to everyone about best practices when it comes to passwords?

use unique passwords between sites (i.e. never re-use a password)
words found in the dictionary are to be avoided
consider using words or phrases from a non-English language
use pass phrases and use the first letter of each word
l33tifying doesn't help very much

Please suggest more!

© Server Fault or respective owner

Related posts about password

remember password is not filling the password field automatically

as seen on Stack Overflow - Search for 'Stack Overflow'
IE is not filling the password field automatically when i click on the bookmarked url. But it's working on firefix,chrome etc. I tried with autocomplete="on" but no use. IE will fill the password only When i select a usename from the possible user names which the browser had kept for each login.… >>> More
Lost shell password: change user password from root

as seen on Super User - Search for 'Super User'
Hi. I recently accidentally forgot my user password to my shell. I know the root password. How do I change the user password? I figure it's something like $su root $passwd -[something] username but I can't get it to work. Halp pls? >>> More
[GEEK SCHOOL] Network Security 1: Securing User Accounts and Passwords in Windows

as seen on How to geek - Search for 'How to geek'
This How-To Geek School class is intended for people who want to learn more about security when using Windows operating systems. You will learn many principles that will help you have a more secure computing experience and will get the chance to use all the important security tools and features that… >>> More
Membership Generate Password alphanumeric only password?

as seen on Stack Overflow - Search for 'Stack Overflow'
How can I use Membership.GeneratePassword to return a password that ONLY contains alpha or numeric characters? The default method will only guarantee a minimum and not a maximum number of non alphanumeric passwords. I have the solution already but thought I'd share for future visitors. .. Answer… >>> More
Password Recovery without sending password via email

as seen on Stack Overflow - Search for 'Stack Overflow'
So, I've been playing with asp:PasswordRecovery and discovered I really don't like it, for several reasons: 1) Alice's password can be reset even without having access to Alice's email. A security question for password resets mitigates this, but does not really satisfy me. 2) Alice's new password… >>> More

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More