The advent of the Internet (actually the advent of software used by the general populace) has created an entire new bunch of folks with ulcers caused by the worries around password management. Passwords, it seems, are both the bane of our existence and, apparently, the most important thing in our lives.
Unfortunately the Cloud doesn’t really change this. Good password protocols are as important in the Cloud as they were in an on-premise world, and potentially even more so.
In the Cloud security report we wrote for CloudU, we spent a bunch of time talking about what Cloud users can and should do to ensure they keep themselves safe, at least when it comes to passwords. It’s always worthwhile reminding people of stuff that, frankly, they should know about anyway – sometimes it’s the most obvious things….
So to that end, here’s our checklist for good approaches to passwords in the Cloud:
- Complexity – the more, the better. Combinations of letters, numbers, cases and special characters win the day here (and please don’t use “password” as your password!)
- Expiration – A fancy way of saying that you shouldn’t use the password you used for your first email address in high school when you’re 45. Passwords should be refreshed regularly (kind of like your underwear)
- Differentiation – The Lord of the Rings was all about One Ring to Rule Them All, but passwords aren’t like this, so please don’t use the same password on the 53 gazillion social sites you’re a member of
- Minimum requirements – A system that would allow me to choose the password “1” is just plain dumb. Administrators need to introduce minimum password requirements into their policies
- History – There’s nothing worse than users who have a revolving door policy to passwords, alternating between the same two passwords every time a change is required. Keeping ‘em fresh is the best approach
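For administrators, here is one way the checklist could be enforced at password-change time. This is an added example, not code from the CloudU report; the thresholds (12 characters, 3 character classes, 90 days, 5 remembered passwords) and all function names are assumptions to adjust to your own policy. Differentiation across sites cannot be checked by a single service, so it is not covered.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

# Assumed policy values (not from the article): tune to your own policy.
MIN_LENGTH = 12
MIN_CLASSES = 3                  # of: lower, upper, digit, special
MAX_AGE = timedelta(days=90)     # expiration window
HISTORY_DEPTH = 5                # how many old passwords are remembered
BLOCKLIST = {"password", "1"}    # the two examples the checklist calls out

def hash_password(password, salt=None):
    """Return (salt, digest) using scrypt, so history never holds plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

def char_classes(password):
    """Count how many of the four character classes are present."""
    return sum([any(c.islower() for c in password),
                any(c.isupper() for c in password),
                any(c.isdigit() for c in password),
                any(not c.isalnum() for c in password)])

def check_new_password(password, history):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("minimum requirements: too short")
    if password.lower() in BLOCKLIST:
        problems.append("minimum requirements: blocklisted")
    if char_classes(password) < MIN_CLASSES:
        problems.append("complexity: too few character classes")
    # History: re-hash the candidate with each stored salt and compare.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("history: reuses a recent password")
            break
    return problems

def is_expired(last_changed, now):
    """Expiration: True once the password is older than MAX_AGE."""
    return now - last_changed > MAX_AGE
```
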
Follow our guidelines and your cloudy (and non-cloudy) life will be a whole lot safer.
This series of posts is a companion to the CloudU series of educational material. We’d love you to join in some of our webinars or read the whitepapers. The CloudU homepage is – here – and you can register to have updates sent to your inbox (in a non-spammy way of course!) there.
While the cloud does not change this, I think we all agree the cloud CAN and SHOULD change this. Bring on a better way.
Tools like 1Password become very valuable when you’re trying to manage 100 different logins to online services.
Agreed – my choice is LastPass