The first line of defense
In the first post we introduced this series and the concept of shared responsibility for security. Passwords are fundamental, and are like the keys to your house. Hand over the keys, and you’ve handed over your house and everything inside it. When securing your instance, the first line of defense is strong password security, but this topic is often overlooked or taken for granted.
The traditional advice on choosing passwords is now considered to be wrong and outdated. Your users may not know what makes a ‘good’ password, or how important it is to keep it safe, and this can lead to security failures.
So, what is the best practice for password security?
The official recommendations have changed. Previously, we were encouraged to choose relatively short, complex passwords and to change them frequently, but current thinking says we should choose longer passphrases and only change them if there is reason to believe they’ve been compromised.
It turns out that we have been selecting passwords that are difficult for us to remember, but easy for computers to guess. This illustration from XKCD explains why:
To add to this, because of a lack of training and the burden of having to remember so many sets of credentials, many people are still using very simple and well-known passwords. Lists of these common passwords can be easily found on the internet, and attackers use them to try to break into online services by attempting a handful of them against a large number of accounts, in what is known as a password spray attack.
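The guidance above (length over complexity, no forced rotation, reject well-known passwords) can be turned into an acceptance check. The following is an added illustration, not code from the original post or from ServiceNow; the blocklist is a constructed stand-in for a published common-password list, and the trailing-digit stripping rule is an assumed heuristic rather than a standard.

```python
import math
import re

# Constructed, tiny stand-in for a published common-password list (assumption:
# a real deployment would load a large list, e.g. a breach corpus).
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "welcome", "summer", "servicenow",
}

MIN_LENGTH = 15    # length is the primary control in current guidance
MAX_LENGTH = 128   # allow long passphrases; the cap only bounds hashing cost


def random_guess_bits(length: int, charset_size: int) -> float:
    """Search-space size, in bits, of a random password of `length` symbols
    drawn uniformly from a charset of `charset_size` symbols. Used to show
    that a 20-character lowercase passphrase out-sizes a 10-character
    'complex' password drawn from all 95 printable ASCII characters."""
    return length * math.log2(charset_size)


def _normalise(candidate: str) -> str:
    """Collapse trivial variations so 'Welcome2024!' still matches the
    'welcome' blocklist entry. (Assumption: illustrative rule, not a standard.)"""
    stripped = re.sub(r"[\d\W_]+$", "", candidate)  # drop trailing digits/symbols
    return stripped.lower() or candidate.lower()


def check_password(candidate: str, username: str = "") -> list[str]:
    """Return the reasons a candidate is rejected; an empty list means accepted.
    Deliberately no character-class rules and no expiry: length, blocklist,
    username reuse and repetition only."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(candidate) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if _normalise(candidate) in COMMON_PASSWORDS:
        problems.append("matches a well-known password")
    if username and username.lower() in candidate.lower():
        problems.append("contains the username")
    if len(set(candidate)) < 4:
        problems.append("too repetitive")
    return problems


if __name__ == "__main__":
    for pw in ("Welcome2024!", "correct horse battery staple", "aaaaaaaaaaaaaaaa"):
        print(f"{pw!r}: {check_password(pw) or 'accepted'}")
    print("20 lowercase chars:", round(random_guess_bits(20, 26), 1), "bits")
    print("10 chars, full ASCII:", round(random_guess_bits(10, 95), 1), "bits")
```

Note that the check never asks for an uppercase letter, digit or symbol: a classic "complex" password such as `Welcome2024!` is rejected on length and on its normalised form, while a plain four-word passphrase passes.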
Though these attacks are often successful, the good news is that they are easy to deflect by implementing a few simple measures.
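Because a spray touches many accounts with only one or two guesses each, it looks different in authentication logs from a brute-force attack on a single account, and that difference is what a detection can key on. The following detector is an added example, not part of the original post or of any ServiceNow product; the log line format and the sample lines (using documentation IP ranges) are constructed, and the thresholds are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> src=<ip> user=<name> result=OK|FAIL"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample: one source sprays five accounts once each and then
# succeeds on a sixth; another source hammers a single account (brute force);
# a third is an ordinary successful login.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=203.0.113.7 user=alice result=FAIL
2024-05-01T10:00:03Z src=203.0.113.7 user=bob result=FAIL
2024-05-01T10:00:05Z src=203.0.113.7 user=carol result=FAIL
2024-05-01T10:00:07Z src=203.0.113.7 user=dave result=FAIL
2024-05-01T10:00:09Z src=203.0.113.7 user=erin result=FAIL
2024-05-01T10:00:11Z src=203.0.113.7 user=frank result=OK
2024-05-01T10:01:00Z src=198.51.100.9 user=grace result=FAIL
2024-05-01T10:01:02Z src=198.51.100.9 user=grace result=FAIL
2024-05-01T10:01:04Z src=198.51.100.9 user=grace result=FAIL
2024-05-01T10:01:06Z src=198.51.100.9 user=grace result=FAIL
2024-05-01T10:01:08Z src=198.51.100.9 user=grace result=FAIL
2024-05-01T10:01:10Z src=198.51.100.9 user=grace result=FAIL
2024-05-01T10:02:00Z src=192.0.2.5 user=alice result=OK
"""


def parse(lines: str):
    """Yield parsed events; lines that do not match the assumed format are skipped."""
    for line in lines.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ev


def detect_spray(lines: str, window: timedelta = timedelta(minutes=10),
                 min_users: int = 5, max_per_user: int = 2) -> dict:
    """Flag sources whose failures inside `window` hit at least `min_users`
    distinct accounts with at most `max_per_user` attempts each. A single
    account with many failures is a brute-force pattern and is not flagged.
    For each flagged source, also report accounts it logged into successfully,
    since those are the accounts to review first."""
    events = sorted(parse(lines), key=lambda e: e["ts"])
    fails, successes = defaultdict(list), defaultdict(set)
    for ev in events:
        (fails if ev["result"] == "FAIL" else successes)[ev["src"]].append(ev) \
            if ev["result"] == "FAIL" else successes[ev["src"]].add(ev["user"])

    findings = {}
    for src, evs in fails.items():
        start = 0
        for end in range(len(evs)):               # sliding window over this source's failures
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            per_user = defaultdict(int)
            for ev in evs[start:end + 1]:
                per_user[ev["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                findings[src] = {
                    "users_tried": sorted(per_user),
                    "successes": sorted(successes.get(src, ())),
                }
                break
    return findings


if __name__ == "__main__":
    for src, info in detect_spray(SAMPLE_LOG).items():
        print(f"possible password spray from {src}: tried {info['users_tried']}, "
              f"succeeded as {info['successes'] or 'nobody'}")
```

In the sample, only `203.0.113.7` is flagged: it failed once each against five accounts and then succeeded as `frank`, which is the account to lock and investigate. The brute-force source `198.51.100.9` is left to a separate per-account lockout rule, and the ordinary login from `192.0.2.5` is ignored.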
Now that we have covered the basics of password and account security, we can consider what else you can do to make authentication more robust. In the next post, we will look at ways to enhance security even further by using multi-factor and IP address authentication.