Cybersecurity Cyberwise Tips
May 11, 2021 | CyberWise – How to Create a Strong Password Recently, the State Department’s Directorate of Cyber and Technology Security released their guidance on creating strong passwords. Considering that most Federal and contract employees continue to work remotely, continued reliance on strong passwords for both business and personal accounts is very important. The most used passwords are extremely easy to guess and only take hackers a few seconds to crack. For example, “Admin1234” would only take 0.22 seconds to crack. By contrast, a memorable phrase such as “WherecanIfindagoodsandwich?” would take 771 years to crack with current brute force methods. How to stay CyberWise, according to the State Department: • When possible, use your PIV or multi-factor authentication. • Use different passwords for different accounts. If you are reusing a password on multiple accounts and a hacker cracks one of them, they may try the recovered passwords on your other accounts too. • Do not include personal identifiers like your phone number, name, child or pet’s name, or birth date, especially for those who were affected by the OPM breach in 2015 – this information is already on the Dark web. • Avoid selecting commonly used words (e.g., colors, fruits, animals, days) or phrases (e.g., “Password1234,” “DOSadmin1”). Password cracking tools include dictionary-based testing capabilities. • Do not use repetitive characters or patterns (e.g., “0000,” “1234,” “aaa,” or “7878”). • Consider using a unique passphrase that is easy to remember or picture in your mind, but difficult to guess. According to the National Institute for Standards and Technology (NIST) guidance, you should consider using the longest password or passphrase permissible.
[Show full text]