Strong passwords as defined by CompTIA objectives
CompTIA takes strong passwords so seriously that you find them in the objectives of the three main leading CompTIA certification tracks:
A+ 220-902: 3.2 Compare and contrast common prevention methods.
A+ 220-802: 2.1 Apply and use common prevention methods, and 2.3 Implement security best practices to secure a workstation.
Security+ SY0-401: 5.3 Install and configure security controls when performing account management, based on best practices.
Network+ N10-006: 3.3 Given a scenario, implement network hardening techniques
There are good reasons for this as your password is the main means that you can verify and access your online accounts including your banking! The problem is that a great many people have very weak passwords. Examples of weak passwords? 123456 and password1 are actually the most used passwords out there. As a result there has been a steady increase in the number of accounts that have been breached and user account data stolen. If a hacker was to get his hands on your username, and you have a weak password, it will only be a matter of time before they are in your account.
We are constantly reminded that thousands of accounts are stolen be it at Home Depot, Target or even the IRS where over 100,000 accounts were recently breached.
So clearly it makes a lot of sense for CompTIA to make sure that anyone with the A+ Certification credential is well versed in this potential threat to system security.
Under A+ 220-801 exam-objective 2.1 it shows up under: “User authentication/strong passwords” and under exam-objective 2.1 it shows up under “Setting strong passwords”. Under either of those you are likely to get a question relating to strong passwords. When we say “strong password” we are not formulating an opinion but addressing a definition as per the A+ exam (and Network+ & Security+). That definition is one that also happens to be widely accepted in the industry. So how are these “strong passwords” defined?
Here are the elements:
A minimum of 8 characters
No more than 15 characters (because if a password is too long then it will put may 1) have to be copied in too many places just to be available when needed and that’s a security issue in and by itself, and 2 it may result in too high a burden on support by users forgetting them).
Include at least one capitalized letter
Include at least one lower case letter
Include at least one number
Include at least one special character such as @ # % ^ or any other of those
Do NOT use the following anything that can easily be identified or associated to you:
- Your name or the name of anyone close to you
- Yours or any other license plate number
- Any of the above spelled backwards or with either a leading or a trailing number
- Any dictionary words
The challenge, of course, is to find a strong password that is also easily remembered. There are few mnemonic methods that can assist in achieving this. Use the first address you remember living at “House on 1061 Baker Road. Rent was $600 monthly.” You then turn that into a password by using the first digits of each word which would make your password: Ho1061br.Rw$6m
This is a strong password as it has 14 characters (more than 8 but no more than 15). It has upper case. Lower case letters, a number and a special character (the period) and you have a good shot at remembering it. The address is not the only way to go you could apply variations on this method to say your favorite sports team and the first or last ticket price and come up with strong passwords you actually will be able to remember. If you have a hard time coming up with anything on your own then you can use resources such as Diceware.
Although very important, strong passwords are just one of a great many items required on the A+ exam. As you can see in the exam objectives document it comes with 44 pages of lists of objectives you could get a question on. If you need a better idea of what the exam is like practice tests can come in handy. CertBlaster offers a practice test software for A+ Practice test bundle of both the A+ 220-801 (Hardware) and A+ 220-802 (Software) that include over a 1,040 practice questions of which 2 – 3 are strong password questions so there is a lot more to discover in there.