In February 2015, the Federal Trade Commission reported that identity topped the list of consumer complaints for the 15th consecutive year. And, as you are aware, the recent security data breach reported by the Office of Personnel Management (OPM) affected millions of current and former government employees, including Judiciary employees, which brings this to a forefront as a major concern for many of us. Becoming a victim of identity theft can have troubling consequences. You may find your credit score downgraded, requiring you to spend time and money repairing it. You may face long hours closing com-promised accounts, and opening new ones. Meanwhile, you could be denied a job or a loan, or even be charged for crimes, such as making fraudulent purchases or passing bad checks, committed by someone using your identity.
http://jnet.ao.dcn/information-technology/security/security-training-and-awareness-resources/it-security-awareness-toolkit/tips-month/protect-against-identity-theft
STRONG PASSWORDS REAP REWARDS
Just as a deadbolt lock provides better home protection than a simple screen hook, a well-chosen password is more effective in preventing unauthorized access to a judiciary information system than a weak one. According to a global security report by Trustwave, weak passwords were a factor in 31% of the 691 compromises analyzed as part of their research.
Taking a closer look, the compromises were effective because end users created easily guessed passwords, such as “123456” and “Password”; left default passwords intact (e.g., a wireless router’s password pre-selected by its vendor had not been changed); and used “remember my password” functions on browsers, which sometimes can be compromised by malicious software intent on stealing this information. It is especially important for passwords that protect your sensitive accounts, such as Judiciary Enterprise Network Information Exchange (JENIE2) or an online banking account, to be difficult to guess, periodically changed, and well-protected (e.g., not shared or written down where a casual observer can see them).
What makes a password strong?
Collectively, complexity, length, and expiration (also known as “aging”) contribute to a password’s strength. Understanding these characteristics positions you to create a strong password when you get a new account or when you need to change a password.
Complexity: Because there are more possible combinations, passwords constructed from a variety of character types are more diffi-cult to guess. Password complexity requirements vary from system to system, but it is recommended that passwords include a mix of:
Upper and lower case letters (i.e., A-Z, a-z),
Numbers (i.e., 0-9), and
Non-alpha-numeric characters (e.g., $%^).
Length: In general, the longer the password, the more difficult it is to compromise because there are more possibilities that a hacker needs to try in order to successfully access a user’s account. While longer is better, too long may lead to poor password management practices, such as writing passwords down or not changing them periodically. To balance ease of use with security, a complex pass-word that is at least eight characters long is generally considered a reasonable middle ground for the typical end user.
Password Expiration: It is important to understand that changing passwords is an important part of keeping your passwords strong and secure. In the event that a password is compromised, it can be readily used for the entire time frame in which it is valid. Periodi-cally changing it limits this window. While some systems permit a user to change a password at the user’s discretion, e.g., Yahoo! Mail or Facebook, most corporate systems, such as JENIE, require the user to conform to a defined schedule.
It is recommended that passwords expire within 180 days
Can I Check to Find Out How Safe a Password Is?
Password checkers, such as the one below, evaluate your password’s strength:
https://www.microsoft.com/protect/fraud/passwords/checker.aspx
How Can I Remember Multiple Complex Passwords That I Frequently Change?
One way is to select a strong, easy to memorize password as a “core”. Then add numbers and special characters in front, inside or at the end of the core. For each application or system add a different character, such as “E” for email or “F” for Finance.
For example: Use lines from a childhood verse or a favorite song (e.g. My country tis of thee) plus numbers and characters.
Core Password: M2ctot&
Email Password: M2ctot&E
Finance Password: M2ctot&F
http://jnet.ao.dcn/information-technology/security/security-training-and-awareness-resources/it-security-awareness-toolkit/tips-month/protect-against-identity-theft
STRONG PASSWORDS REAP REWARDS
Just as a deadbolt lock provides better home protection than a simple screen hook, a well-chosen password is more effective in preventing unauthorized access to a judiciary information system than a weak one. According to a global security report by Trustwave, weak passwords were a factor in 31% of the 691 compromises analyzed as part of their research.
Taking a closer look, the compromises were effective because end users created easily guessed passwords, such as “123456” and “Password”; left default passwords intact (e.g., a wireless router’s password pre-selected by its vendor had not been changed); and used “remember my password” functions on browsers, which sometimes can be compromised by malicious software intent on stealing this information. It is especially important for passwords that protect your sensitive accounts, such as Judiciary Enterprise Network Information Exchange (JENIE2) or an online banking account, to be difficult to guess, periodically changed, and well-protected (e.g., not shared or written down where a casual observer can see them).
What makes a password strong?
Collectively, complexity, length, and expiration (also known as “aging”) contribute to a password’s strength. Understanding these characteristics positions you to create a strong password when you get a new account or when you need to change a password.
Complexity: Because there are more possible combinations, passwords constructed from a variety of character types are more diffi-cult to guess. Password complexity requirements vary from system to system, but it is recommended that passwords include a mix of:
Upper and lower case letters (i.e., A-Z, a-z),
Numbers (i.e., 0-9), and
Non-alpha-numeric characters (e.g., $%^).
Length: In general, the longer the password, the more difficult it is to compromise because there are more possibilities that a hacker needs to try in order to successfully access a user’s account. While longer is better, too long may lead to poor password management practices, such as writing passwords down or not changing them periodically. To balance ease of use with security, a complex pass-word that is at least eight characters long is generally considered a reasonable middle ground for the typical end user.
Password Expiration: It is important to understand that changing passwords is an important part of keeping your passwords strong and secure. In the event that a password is compromised, it can be readily used for the entire time frame in which it is valid. Periodi-cally changing it limits this window. While some systems permit a user to change a password at the user’s discretion, e.g., Yahoo! Mail or Facebook, most corporate systems, such as JENIE, require the user to conform to a defined schedule.
It is recommended that passwords expire within 180 days
Can I Check to Find Out How Safe a Password Is?
Password checkers, such as the one below, evaluate your password’s strength:
https://www.microsoft.com/protect/fraud/passwords/checker.aspx
How Can I Remember Multiple Complex Passwords That I Frequently Change?
One way is to select a strong, easy to memorize password as a “core”. Then add numbers and special characters in front, inside or at the end of the core. For each application or system add a different character, such as “E” for email or “F” for Finance.
For example: Use lines from a childhood verse or a favorite song (e.g. My country tis of thee) plus numbers and characters.
Core Password: M2ctot&
Email Password: M2ctot&E
Finance Password: M2ctot&F
This table is based on a Microsoft Online Safety guide and offers a slightly different version of how to create passwords so they can be remembered.
How can you avoid common password mistakes?
The link to this tip of the month is on our JNet Security Awareness Resources
For additional information on selecting strong passwords and protecting them, see the brochure Guide to Creating and Protecting Strong Passwords.
How can you avoid common password mistakes?
The link to this tip of the month is on our JNet Security Awareness Resources
For additional information on selecting strong passwords and protecting them, see the brochure Guide to Creating and Protecting Strong Passwords.