Oct 29, 2010

Tips to Create a Stronger Password and Manage Admin Users in Your Company

Maybe this topic is too trivial to me, but sometimes, for other people, it is very useful. I have traveled a lot, met many clients, and seen how different companies either weaken their security or tighten it up. Some companies do not realize that they are poorly protected and could be hacked at any time, even though the company is big enough. So here are the passwords for which someone could lose his or her job just for leaving a default or common password on their admin users.

  1. pass@word1
  2. P@ssw0rd
  3. Sequential numbers forward and backward like 123456, or 12345678, or 87654321
  4. princess
  5. Sequential characters like abcdef
  6. Sequential characters in keyboard like qwerty, asdfghj, zxcvbnm
  7. Combination of sequential characters and numbers like abc123, or qwerty12345
  8. If the website name is RockYou.com, the password is sometimes rockyou

So stupid, isn’t it? You could prevent all of these hacking attempts by using a stronger password. A stronger password contains lowercase AND uppercase letters AND numbers AND special characters. See… I am using the word “AND”, and you may think that “gILa$2(vk_q0” meets the requirements, but you may also think that such a password will be lost at some point because it is too hard to remember. And if you try to write it on paper, someone could steal the paper and see the password.

Try to find some sentences, phrased in a normal way. If you can, find them in another language, not in English. Some password-cracking applications look the password up in their dictionary and assume it is in English, like “princess”. Try “Admin for Rock You.com”, or “Library Administrator on Department”, or use another language, as in mine: “password goblok”, which means “stupid password”.

From that point, change the sentence into a single word that is not obvious or easy to read, using a combination of lowercase and uppercase letters, numbers, and special characters. For example, “Admin for Rock You.com” becomes “4Dm1n4RY” or “My@dM1nR0cKY0u”. Or you can turn “I don’t remember” into “1dnTR3m3m&er” as a password.

In that way, you can still remember the password but with better security.
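As an added illustration, not code from the original post, here is a Python check that flags a candidate password against the weak patterns listed above and the lowercase/uppercase/number/special rule from the text. The leet-substitution map and the site-name check are my own assumptions about what a dictionary-based cracker would also try.

```python
import re
import string

# Constructed lists: the default passwords and sequences the post names,
# plus a few leet substitutions (assumed) that a wordlist cracker would try.
COMMON_DEFAULTS = {"pass@word1", "p@ssw0rd", "password", "princess"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "@": "a", "$": "s"})


def has_run(text, seq, min_len=3):
    """True if text contains min_len+ consecutive characters taken from seq
    read forward or backward, e.g. '123', 'cba', 'asdf', '87654321'."""
    candidates = (seq, seq[::-1])
    return any(text[i:i + min_len] in s
               for s in candidates
               for i in range(len(text) - min_len + 1))


def weak_password_reasons(password, site_name=None):
    """Return the weak patterns from the post's list that the password
    matches; an empty list means none of them matched."""
    low = password.lower()
    reasons = []
    if low in COMMON_DEFAULTS:
        reasons.append("common default")
    if has_run(low, string.digits):
        reasons.append("sequential digits")
    if has_run(low, string.ascii_lowercase):
        reasons.append("sequential letters")
    if any(has_run(low, row, 4) for row in KEYBOARD_ROWS):
        reasons.append("keyboard row")
    if site_name:
        # 'RockYou.com' -> 'rockyou'; compared against the leet-normalised password
        site = re.sub(r"\.[a-z]+$", "", site_name.lower()).replace(" ", "")
        if site and site in low.translate(LEET):
            reasons.append("contains site name")
    # The post's rule: lowercase AND uppercase AND digits AND special characters
    classes = (any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(c in string.punctuation for c in password))
    if not all(classes):
        reasons.append("missing lower/upper/digit/special mix")
    return reasons
```

Because it normalises leet spellings, the check reports the post's “My@dM1nR0cKY0u” as containing the site name when checked against RockYou.com, while “1dnTR3m3m&er” passes cleanly.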

How to Manage Admin Users?

Try to disable the domain admin account and create a new user as a domain admin. The Domain Admin in Active Directory is “Administrator”, so if you were in Microsoft Corp, the login would look like “MICROSOFT\administrator”. Before you disable the Domain Admin, create a new standard user, for example “MICROSOFT\pegasus” or “MICROSOFT\superman”, and use the tips above to create its password. Add this user to the “MICROSOFT\Administrators” and “MICROSOFT\Domain Admins” groups, or any other group equivalent to “MICROSOFT\Administrator”, and then you can disable “MICROSOFT\administrator”.

If you have other products such as SQL Server, SharePoint, or even Forefront, or any product that requires an administrator user, specify each admin account one by one. Do not use “MICROSOFT\Administrator”, “MICROSOFT\superman”, or anything equivalent to Domain Admins. For example, specify “Microsoft\SQLServerAdmin” for SQL Server, “Microsoft\SPSAdmin” for SharePoint, etc.

Happy configuring…