Ugh. Passwords. The concept has been around as long as civilization itself. But are they the best way to protect account access in the digital age? How do you insure that people use “strong” passwords? What is a “strong” password, anyway? And when is a password – regardless of its strength – not enough?
The difficulty from an administrative perspective is that the restrictions we impose on our users in an attempt to force them to create strong passwords are often counterproductive. If the password must be at least 8 characters long, must contain both upper- and lower-case characters and at least one numeric and one “special” character, and cannot be a word that’s in the dictionary and must be changed every 90 days and cannot be a password that you’ve used before, you’ve almost guaranteed that it’s going to be written down somewhere because it will be nearly impossible to remember.
So what’s an admin to do? Well, there are some guidelines that we can give users to help them create strong passwords that are easy to remember. Read More