Over recent months, a variety of incidents have occurred world-wide that have resulted in the compromise of services and data provided by a range of companies that you may use on the internet. 

Given these incidents, we are providing you with some useful tips for best-practice password management.   

The role that passwords play in securing an organisation's data and services is often underestimated and overlooked. Passwords provide the first line of defence against unauthorised access.

Password-cracking tools continue to improve, and the computers used to crack passwords are more powerful than ever. 

Password-cracking software uses one of three approaches:

  • intelligent guessing
  • dictionary attacks
  • brute-force automated attacks that try every possible combination of characters

How to create a safe password

We encourage our Members to consider the following characteristics when thinking of passwords. 

Strong passwords have the following characteristics:

  • Contain both upper and lower case characters (e.g., a-z, A-Z)
  • Have digits and punctuation characters as well as letters (e.g., 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
  • Are at least eight alphanumeric characters long (Windows passwords can be up to 127 characters long)
  • Are not words in any language, slang, dialect or jargon
  • Are not based on personal information, names of family, pets, birth dates
  • Are significantly different from previous passwords
  • Are never written down or stored on-line

Weak passwords have the following characteristics:

  • The password is “password” or a derivative of the word password
  • The password contains fewer than eight characters
  • The password is a word found in a dictionary (English or foreign)
  • The password is a common usage word such as:
    • Names of family, pets, friends, co-workers, fantasy characters
    • Computer terms and names, commands, sites, companies, hardware, software
    • Common words like ‘Melbourne’, ‘Australia’, ‘Sydney’, ‘Monday’
    • Birthdays and other personal information such as addresses and phone numbers
    • Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321
    • Any of the above spelled backwards
    • Any of the above preceded or followed by a digit (e.g., secret1, 1secret)
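
The weak-password characteristics above can be checked automatically when a password is set. The following is an added example, not part of the original advisory: the names `weak_reasons`, `SAMPLE_WORDS` and `SEQUENCES`, the rule labels and the small wordlist are assumptions made for illustration.

```python
import re
import string

# Constructed sample wordlist (an assumption for this example); a real check
# would load full dictionaries plus lists of names and places.
SAMPLE_WORDS = {"password", "secret", "melbourne", "australia", "sydney", "monday"}
# Runs that produce patterns such as qwerty or zyxwvuts (alphabet, digits, keyboard rows).
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def weak_reasons(password, words=SAMPLE_WORDS):
    """Return the set of weak-password rules (from the list above) that apply."""
    reasons = set()
    lower = password.lower()
    if len(password) < 8:
        reasons.add("too_short")
    if "password" in lower:
        reasons.add("password_derivative")
    # Dictionary word, spelled forwards or backwards.
    if lower in words or lower[::-1] in words:
        reasons.add("dictionary_word")
    # Word preceded or followed by digits, e.g. secret1 or 1secret.
    core = lower.strip(string.digits)
    if core != lower and (core in words or core[::-1] in words):
        reasons.add("word_plus_digit")
    # Patterns: repeated runs (aaabbb), mirrored strings (123321), sequences (qwerty).
    if (re.fullmatch(r"(?:(.)\1+)+", lower)
            or (len(lower) > 1 and lower == lower[::-1])
            or any(lower in s or lower in s[::-1] for s in SEQUENCES)):
        reasons.add("pattern")
    # Strong passwords mix upper case, lower case, digits and punctuation.
    classes = (string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation)
    if not all(any(c in cls for c in password) for cls in classes):
        reasons.add("missing_character_class")
    return reasons


if __name__ == "__main__":
    for candidate in ("secret1", "yendyS", "123321", "zyxwvuts", "Password2024!"):
        print(candidate, sorted(weak_reasons(candidate)))
```

An empty result means none of the listed weaknesses were found; it does not by itself prove the password is strong.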