We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,131 News Articles

Five password-security myths exposed

We separate fact from fiction

Passwords are a critical line of defence between your sensitive data and prying eyes, so separating fact from fiction about password security is a must.

Contrary to popular belief among many admins, smart cards and Kerberos can't prevent all forms of password hacking. Organisations should certainly strive to embrace both types of improved authentication, as they defeat many attack classes. But you should know exactly what you are and aren't defeating as you expend resources and efforts in your new authentication projects.

The aforementioned myths are but a sampling of the misinformation out there. Fortunately, there are plenty of defences you can add to your list of security policies to keep your systems and data safe. For example:

  • Increase the minimum length for end-user passwords to 12 characters - and 15 characters for admins.
  • Don't enter your password on untrusted computers, and never use the same password for different systems.
  • Disable weak password hashes and authentication protocols, such as LAN Manager and NTLM Version 1.0.
  • Consider two-factor authentication.
  • Sniff out and remove plaintext passwords on your network.
  • Improve end-user education - including a lesson on phishing - to prevent password attacks.
  • Keep your software current and patched to ensure the programs contain the latest security fixes and defences.

The myths I've dispelled here and tips I've offered are just the tip of the iceberg when it come to understanding and preventing password-oriented attacks. Still, they should help in the ongoing fight to keep the bad guys out of your systems.

See also: The 30 biggest technology myths exposed

  1. We separate fact from fiction
  2. Can you prevent pasword hacking?

IDG UK Sites

OnePlus Two release date rumours: Something's happening on 22 July

IDG UK Sites

13in MacBook Air review, Apple's MacBook Air 2014 reviewed

IDG UK Sites

5 reasons to buy an electric car and 5 reasons not to

IDG UK Sites

Evernote Skitch: the best way for creatives to doodle feedback