PC World - While security has never been more important than it is today, the fastest way for an IT professional to become the most despised person in the company is to start enforcing a strong password policy. A policy perceived as overbearing may cause people to write down their passwords on a sticky-note near their computers, circumventing its very purpose. Your policy will be ineffective if your users don't know how to create strong passwords that are easy to remember.

Left to their own devices, people will choose passwords that are simple for them to remember. They'll use their spouse's name, their dog's name, their favorite sports team or a recent vacation spot.

Sometimes while working on a user's computer, I'll need to log on as them following a reboot. Unfortunately, they've wandered off, not wanting to hover over the IT guy. I generally prefer not to know other people's passwords, so I usually don't ask. In this situation, I sometimes take a guess. I've been right a surprising number of times, and sometimes with people who are very powerful. It's easy. I simply glance around their offices and note what their obsessions are.

Clearly, password policies are needed.

By using these following tips, people will be able to create easy to remember passwords that follow these typical requirements: at least eight characters long and with at least 3 of the following character types: upper-case letters, lower-case letters, numbers, and special characters.

Using these tips, you can create memorable passwords that will be nearly impossible to guess. Here are some examples of converting memorable information into a complex password

We'll start with some easy ones:

Friday becomes frYday!
Robert becomes #robERt#
867-5309 becomes 8siX753o9

More complex passwords:

19 Peach Place becomes: 0ne9peacHpl!
I love Jill becomes: eYelov3Jill
My dog Fritz becomes MeyedogfrltZ

While some of these examples look nearly indecipherable, you can see how they're not difficult to memorize--as long as you know the originating word, number, or phrase, and the basic methodology used to create it. By educating users on how to create strong passwords, you strengthen the security of your company, and your users will benefit additionally by have safer personal experiences with online banking and social networking.

Michael Scalisi is an IT manager based in Alameda, California.

Comment Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Originally published on www.pcworld.com. Click here to read the original story.

Jump to comments

Security

Additional Resources

WHITE PAPER

EFD vs. HDD - What You Need to Know

Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.

WHITE PAPER

Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009

The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.

WHITE PAPER

Eight Criteria for Server Load Balancing

Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

What People Are Saying

11 comments | Add new

See all comments (11) | Add new

White Papers & Webcasts

Enterprise 2.0 Applications - Block or Not?
Learn what your organization should do to control Enterprise 2.0 Applications.

Data in Action: Making the Planet Smarter
Register Now

Product Overview Brochure
Learn how to deliver secure data and applications wherever and whenever they're needed.

Hosted Security Services: Why it make budget and security sense in today's economy
Watch Now

How to Secure and Accelerate Your Oracle Applications
Learn about the escalating application performance and security challenges facing corporations, today!

The Workday User Experience Video
Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday.

Enterprise Application Delivery: No User Left Behind
Gain the ability to deliver applications to all users, using any device, across any network.

Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!

Accelerate SSL Encrypted Applications
Gain complete visibility into SSL application sessions, making it easy to apply appropriate acceleration and security controls to all SSL traffic.

Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.

All White Papers | All Webcasts

Computerworld Reports

Computerworld Technology Briefing: More than Business Value

Computerworld Briefing: Staffing for Intelligence

8 Questions To Ask About Your Intrusion-Security Solution

All Computerworld Reports

Disaster Recovery & Cost Savings Zone
Thousands of customers world-wide have turned to virtualization solutions from Riverbed as a way to reduce costs.