Do you insist that your clients all use complex passwords, or do you bow to the pressure of relaxing the rules?
If you’ve been in the IT business for any length of time, you’ve inevitably come across clients who don’t really take password security very seriously. Some individuals genuinely believe that the risk of security breaches is overstated. It’s fair to say they are mistaken.
You’ve probably come across all kinds of attitudes towards passwords. Some IT consultants even encounter company bosses who insist that all passwords (sometimes with the exception of their own) are exactly the same. These bosses are completely blind to the fact that a security breach is often as likely to be caused by a disgruntled ex-staff member as by someone outside the organisation.
The usual objection to complex passwords is predictable: “How am I ever going to remember them?”
If you’ve ever implemented compulsory complex passwords on a network and stayed present when the change requests kicked in, you’ve probably suffered a tirade of abuse.
The thing is, it’s not really that difficult to create a complex password that is easy to remember. Here are some ideas, both for you and for your clients:
- Use a string of text with a full stop on the end.
- Use a memorable word but place punctuation marks between every letter.
- Use the registration number of a first car, and put a punctuation mark at the beginning and the end. Security experts sometimes recommend against car registrations, but with random punctuation added, they’re pretty secure. They’re certainly better than “123456”.
- If a client wants to stick to a word that’s easy to remember, suggest they add a number and a punctuation mark at the end.
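To make these ideas enforceable rather than just advisory, a password policy check can encode them: a minimum length, at least two character classes (letters plus digits or punctuation), a blocklist of predictable passwords, and a check that a blocklisted word has not simply been dressed up with a digit and a symbol. The following is an added example written for this post, not code from the original article; the thresholds (10 characters, two classes), the tiny blocklist and the sample passwords (including the registration “KX61 ABC”) are all constructed assumptions.

```python
import re
import string

# Assumed policy thresholds; a real deployment would tune these.
MIN_LENGTH = 10
MIN_CLASSES = 2

# Constructed, deliberately tiny blocklist of predictable passwords.
# In practice this would be loaded from a large breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "welcome"}


def character_classes(password: str) -> set:
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation or ch == " ":
            # Spaces count as symbols so that sentence-style passwords qualify.
            classes.add("symbol")
    return classes


def check_password(password: str) -> list:
    """Return a list of policy violations; an empty list means the password is accepted."""
    problems = []

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    classes = character_classes(password)
    if len(classes) < MIN_CLASSES:
        problems.append(f"uses only {len(classes)} character class(es); need {MIN_CLASSES}")

    # Strip everything except letters so that "password1!" is still recognised
    # as the blocklisted word "password" with decoration added.
    core = re.sub(r"[^a-z]", "", password.lower())
    if password.lower() in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("based on a commonly used password")

    # Reject runs of the same character (e.g. "aaaa"), which add length but little unpredictability.
    if re.search(r"(.)\1{2,}", password):
        problems.append("contains a character repeated three or more times")

    return problems


if __name__ == "__main__":
    # Constructed samples mirroring the four ideas above, plus two that should fail.
    samples = [
        "the cat sat on the mat.",  # string of text with a full stop
        "s.e.c.r.e.t.",             # memorable word with punctuation between letters
        "!KX61 ABC!",               # hypothetical car registration wrapped in punctuation
        "remember7!",               # easy word plus a number and a punctuation mark
        "123456",                   # the classic bad choice
        "password1!",               # blocklisted word dressed up with a digit and a symbol
    ]
    for pw in samples:
        result = check_password(pw)
        print(f"{pw!r}: {'accepted' if not result else '; '.join(result)}")
```

The blocklist normalisation is the part worth copying: users who are told to “add a number and a punctuation mark” will often apply that advice to a word that is already on every attacker’s list, so the checker strips the decoration before comparing.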
It’s not really that difficult to come up with a complex password that’s easy to remember – your users might just need some ideas to help. The one thing you shouldn’t do is give in to any insistence on letting them continue to use laughably predictable passwords like the “123456” mentioned above. After all, it’s your phone that’s going to ring when someone breaks into their network.