STRONG PASSWORDS REAP REWARDS
Just as a deadbolt lock provides better home protection than a simple screen hook, a well-chosen password is more effective in preventing unauthorized access to a judiciary information system than a weak one. According to a global security report by Trustwave, weak passwords were a factor in 31% of the 691 compromises analyzed as part of their research.
Taking a closer look, the compromises were effective because end users created easily guessed passwords, such as “123456” and “Password”; left default passwords intact (e.g., a wireless router’s password pre-selected by its vendor had not been changed); and used “remember my password” functions on browsers, which sometimes can be compromised by malicious software intent on stealing this information. It is especially important for passwords that protect your sensitive accounts, such as Judiciary Enterprise Network Information Exchange (JENIE2) or an online banking account, to be difficult to guess, periodically changed, and well-protected (e.g., not shared or written down where a casual observer can see them).
What makes a password strong?
Collectively, complexity, length, and expiration (also known as “aging”) contribute to a password’s strength. Understanding these characteristics positions you to create a strong password when you get a new account or when you need to change a password.
Complexity: Because there are more possible combinations, passwords constructed from a variety of character types are more diffi-cult to guess. Password complexity requirements vary from system to system, but it is recommended that passwords include a mix of:
Upper and lower case letters (i.e., A-Z, a-z),
Numbers (i.e., 0-9), and
Non-alpha-numeric characters (e.g., $%^).
Length: In general, the longer the password, the more difficult it is to compromise because there are more possibilities that a hacker needs to try in order to successfully access a user’s account. While longer is better, too long may lead to poor password management practices, such as writing passwords down or not changing them periodically. To balance ease of use with security, a complex pass-word that is at least eight characters long is generally considered a reasonable middle ground for the typical end user.
Password Expiration: It is important to understand that changing passwords is an important part of keeping your passwords strong and secure. In the event that a password is compromised, it can be readily used for the entire time frame in which it is valid. Periodi-cally changing it limits this window. While some systems permit a user to change a password at the user’s discretion, e.g., Yahoo! Mail or Facebook, most corporate systems, such as JENIE, require the user to conform to a defined schedule.
It is recommended that passwords expire within 180 days
Can I Check to Find Out How Safe a Password Is?
Password checkers, such as the one below, evaluate your password’s strength:
How Can I Remember Multiple Complex Passwords That I Frequently Change?
One way is to select a strong, easy to memorize password as a “core”. Then add numbers and special characters in front, inside or at the end of the core. For each application or system add a different character, such as “E” for email or “F” for Finance.
For example: Use lines from a childhood verse or a favorite song (e.g. My country tis of thee) plus numbers and characters.
Core Password: M2ctot&
Email Password: M2ctot&E
Finance Password: M2ctot&F
How can you avoid common password mistakes?
The link to this tip of the month is on our JNet Security Awareness Resources
For additional information on selecting strong passwords and protecting them, see the brochure Guide to Creating and Protecting Strong Passwords.