Password policies should be applied even if not required

Select an option below to continue reading this premium story.

Already a Honolulu Star-Advertiser subscriber? Log in now to continue reading.

Get unlimited access

From as low as $12.95 /mo.

Subscribe Now

Many folks, especially those who work for large businesses or government agencies, are familiar with sometimes infuriating password policies. While such policies may seem onerous, overbearing or even nonsensical, a good policy significantly improves an organization’s information security. In fact, implementing a password policy for one’s own personal accounts is a good tenet by which most should abide.

Some of the more common rules for passwords apply to length, reuse, complexity and forced change.

A good password is between eight and 16 characters long. Many systems simply won’t allow passwords longer than 16 characters. Anything fewer than eight may be too simple.

Further, a good password incorporates both lower- and uppercase letters, numbers and special characters such as punctuation. Be aware, however, that many systems still don’t allow some, or all, punctuation characters. This is really just a residual effect of early computer systems that had difficulty with such characters, and the restriction should be gone in a few years.

A good password policy forces the user to change his/her password periodically, most commonly every 90 days. Along those lines, a good password policy ensures that passwords cannot be reused for every three to five business periods; that is, you can’t use last quarter’s password.

In this day and age where everyone does their personal business online, however, many folks don’t follow these rules for even their most sensitive accounts, such as financial accounts or email. Talk about nonsensical … especially in light of all of the high-profile security breaches in just the past couple of months.

Don't miss out on what's happening!

Stay in touch with breaking news, as it happens, conveniently in your email inbox. It's FREE!

By clicking to sign up, you agree to Star-Advertiser's and Google's Terms of Service and Privacy Policy. This form is protected by reCAPTCHA.

Folks should follow the above rules for all of their own personal logins, whether it’s your insurance company, bank, email or even social media such as Facebook and Twitter. Make sure you have a long, complex password and change it periodically. Don’t reuse your old passwords. Sure, this can be a pain in the okole, but the consequences of not doing so are much worse.

Don’t limit your own personal policy just to logins. Make sure, for example, to change the password on the wireless network in your house on a regular basis.

Don’t worry too much about forgetting your password. Just about every reputable online organization has a way to automatically reset your password with a couple of clicks. Sure, you should try to remember your passwords as much as possible, but a forgotten password is a trivial problem, especially when compared with a hacked or stolen password.

John Agsalud is an IT expert with more than 25 years of information technology experience in Hawaii and around the world. He can be reached at johnagsalud@yahoo.com.