In this chapter, we have covered many techniques for selecting and protecting passwords. But there are times when we have to go to extreme measures to protect our passwords. The following are some more techniques that should satisfy even the most paranoid system administrators:
Alternate between left- and right-hand letters— By choosing passwords that alternate between hands, it is more difficult for someone to watch you type your password. Also, learn to type so that your hands are above the keyboard to better conceal what you are typing.
Do not try to type too fast if someone is watching you— If you type your password too fast, you can make errors that require you to type it all over again, giving the other person another chance to watch you.
Always look at the screen to make sure you are in the right field before typing your password— It doesn't do much to conceal your password if you type it in the User Name field.
Be careful about which keys you use in your password— Some keys, such as the spacebar, have distinct sounds that a well-trained hacker can distinguish.
Use the keyboard to camouflage your password— If you suspect someone is listening to you type your password, type in extra characters followed by the backspace key so they cannot determine the length of the password. In fact, you could always do this, making it part of the password itself.
Use acceptable characters— It might be tempting to use high-ASCII characters in your password using combinations such as ALT+255. Keep in mind that while you are making your password extremely difficult to crack, some keyboards, such as laptop keyboards, will not always let you enter those characters.
Check your command-line tools— Some characters, such as quotes or spaces, will not work when entering a password with certain command-line tools. Some tools will interpret those characters as having a special meaning and not include them as part of the password. Test out your common command-line tools before using those special characters in your passwords.
Vary your characters— Typing a password on the number pad is fast, but you have pretty much given away the fact that your password is only numbers.
Enforce password complexity requirements in Windows 2000— Forcing password complexity is inconvenient for the end user but it's one of the best defenses available today.
Train yourself to remember very long passwords without ever having to write them down— It is an indispensable skill that you certainly can learn.
Learn how long it would take to crack your password— With this information, be sure to change your password before that much time passes.
Schedule password days— Several times a year, go through and change every password for every account on every device attached to your network. Be sure to include easily-overlooked passwords, such as those on routers, online Web accounts, domain registration passwords, and local administrator passwords on each workstation. Hackers like to keep several passwords on hand in case one changes. By changing them all at once, you might be able to lock them out completely.
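The "Check your command-line tools" tip can be turned into a repeatable test. The following is an added example, not code from the book: it models how a POSIX shell tokenizes a typed command line and reports what a tool would actually receive as the password, both unquoted and properly quoted. The tool name `sometool` and its `--password` flag are hypothetical, the sample passwords are constructed, and only quotes, spaces, and backslashes are modelled.

```python
import shlex

TOOL = "sometool --password "  # hypothetical tool name and flag, for illustration


def delivered_password(typed):
    """Return what the tool receives as the password when `typed` is entered
    unquoted after the flag, or None if the shell cannot parse the line."""
    try:
        argv = shlex.split(TOOL + typed)  # POSIX quoting rules (assumption)
    except ValueError:
        return None  # unbalanced quote: a shell would wait for more input
    # argv[2] is the flag's value; any later words become stray arguments
    return argv[2] if len(argv) > 2 else ""


def audit(passwords):
    """Check each candidate both unquoted and in its shell-quoted form."""
    report = {}
    for pw in passwords:
        quoted = shlex.quote(pw)
        report[pw] = {
            "unquoted_result": delivered_password(pw),
            "intact_unquoted": delivered_password(pw) == pw,
            "quoted_form": quoted,
            "intact_quoted": delivered_password(quoted) == pw,
        }
    return report


# Constructed sample passwords, not taken from the page
SAMPLES = ["Plain123", "correct horse", 'say"hi"', "it's", "back\\slash"]

if __name__ == "__main__":
    for pw, row in audit(SAMPLES).items():
        print(f"{pw!r:18} unquoted -> {row['unquoted_result']!r:12} "
              f"quote as {row['quoted_form']}")
```

A password that comes back shortened or altered in the unquoted column is one the tool would silently store or submit in a different form than the one you intended.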