Password and Passphrase Security
Overview
Password security is an important part of protecting our organization's
data. The current standard (ISST 10.900 Identification and
Authentication) requires a password to have a minimum of 8 characters
and to be strong. Changes in technology, and in the speed with which
passwords can be cracked, have led to changes in the recommended
minimum password strength.
The strength of a password is measured by how well it resists guessing
and brute-force attacks. Password complexity (drawing characters from
several classes) is one method of creating a strong password; length is
the other, since every added character multiplies the number of guesses
an attacker must make.
We recommend using the 10-4 Rule:
Passwords should contain a minimum of 10 characters that are composed of
characters from each of these four groups:
- Uppercase letters (e.g., A, B, C, Y, Z)
- Lowercase letters (e.g., a, b, c, y, z)
- Special characters (e.g., !, @, #, $, %, ^, &)
- Numbers (e.g., 1, 2, 3, 4, 5)
For example, this is a strong password: "Ird@7HPbk$"
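The following Python script is an added example, not part of the standard or this page's original text. It checks a candidate against the 10-4 rule and estimates the naive brute-force keyspace (in bits) from the character classes the password actually uses, so the two ideas above, complexity and length, can be compared on the page's own sample passwords. The class sizes assume the 95-character printable ASCII set (space excluded from the special-character class).

```python
import math
import string

# The four 10-4 character classes, each paired with the size of the class
# within printable ASCII. string.punctuation holds the 32 ASCII symbols.
CLASSES = {
    "upper":   (set(string.ascii_uppercase), 26),
    "lower":   (set(string.ascii_lowercase), 26),
    "digit":   (set(string.digits), 10),
    "special": (set(string.punctuation), len(string.punctuation)),
}
MIN_LENGTH = 10  # the "10" in the 10-4 rule


def classes_present(password):
    """Return the names of the 10-4 classes the password draws from."""
    return {
        name
        for name, (chars, _) in CLASSES.items()
        if any(c in chars for c in password)
    }


def missing_classes(password):
    """Classes the password would need to add to satisfy the 10-4 rule."""
    return sorted(set(CLASSES) - classes_present(password))


def meets_10_4(password):
    """True when the password has >= 10 characters and uses all four classes."""
    return len(password) >= MIN_LENGTH and not missing_classes(password)


def brute_force_bits(password):
    """Naive brute-force cost as log2(alphabet ** length), where the alphabet
    is the union of the classes the password uses. This is an upper bound on
    an attacker's work: dictionary words, dates and famous phrases fall to
    far fewer guesses than this figure suggests."""
    used = classes_present(password)
    alphabet = sum(size for name, (_, size) in CLASSES.items() if name in used)
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def report(password):
    """Summarise a candidate for a human reader."""
    return {
        "password": password,
        "length": len(password),
        "meets_10_4": meets_10_4(password),
        "missing": missing_classes(password),
        "bits": round(brute_force_bits(password), 1),
    }


if __name__ == "__main__":
    # The page's own examples: the 10-4 password and the passphrase.
    for candidate in ("Ird@7HPbk$", "Somewhereovertherainbow1939"):
        print(report(candidate))
```

The passphrase fails the 10-4 rule (it has no special character) yet its naive keyspace is far larger than the 10-character password's, which is why length is the cheaper lever for a user who has to remember the result.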
A frequent complaint of users is the inability to remember
passwords. Often users write them down or store them in a way that
would be considered a security risk. One method of overcoming this
challenge is to use a memory technique such as a passphrase.
Using the example "Ird@7HPbk$", try remembering: "I read all 7 Harry
Potter books."
Or simply type out the opening line of a favorite poem, book, or
song.
Like this: "Somewhereovertherainbow1939" (1939 is the year The Wizard
of Oz was released). This example gets its strength from length; it
contains no special character, so to satisfy the 10-4 rule one would
need to be added. Be aware that well-known lyrics and titles appear in
attackers' wordlists, so a personal or altered phrase is safer than a
famous line typed verbatim.
Important Do's and Don'ts
- Do not share your passwords
- Avoid writing passwords down
- Change your password if you think it has been compromised
- Use different passwords for ALL your accounts
- Use a Password Manager