Friday, May 14, 2021

CIS Password Policy Guide

It is especially important for law enforcement analysts to understand the best practices for creating and using passwords. Remembering them - now that's another story! 

The Center for Internet Security Password Policy Guide is available at this link. The password basics below are taken from that document, which also provides advanced recommendations.

Password strength above a somewhat trivial level does not matter very much when it comes to cracking passwords. So why not have a policy that encourages reasonably strong passwords that are easy for users to create, remember, and use? This guide is designed to provide that.

"Good Password Basics

Here are some straightforward concepts to make better passwords. Keep in mind we are not trying to make them impenetrable, but strong.

1 Length is the most important characteristic of a good password: In general, the longer the password, the better.

2 Think pass-phrase, not pass-word: If you think of a single “word,” it is difficult to come up with something long and memorable, but if you think of a “phrase” made up of 4 or more smaller words it is much easier.

14 or more character words:

  • Trichomoniasis, Antidepressant, Fundamentalism, Attractiveness, etc.
  • None of these are very fun to remember, let alone spell correctly

14 or more character phrases (with and without spaces for readability):

  • With spaces: My Aunt Lives in Georgia; Without: MyAuntLivesinGeorgia
  • With spaces: The Ford Mustang is the Best; Without: TheFordMustangistheBest
  • With spaces: Cape Cod is a Fun Place; Without: CapeCodisaFunPlace

3 Avoid patterns: Do not use sequences of numbers, letters, or keyboard patterns like: 12345671234567, abcdefgabcdefg, passwordpassword, abc123abc123ab, qwertyuqwertyu, etc.

4 Don’t reuse a password or use similar passwords on multiple systems: Especially between home and work accounts. The primary reason is if someone discovers one of your passwords, you do not want them to now be able to access multiple of your accounts.

This is arguably the toughest of the four basic ideas, but you can use tricks to help, like bands/songs/movies/actors to help create a relevant and memorable phrase:

• Financial account: With spaces: Pink Floyd Money; Without: PinkFloydMoney

• Store account: With spaces: Superstore Cloud Nine; Without: SuperstoreCloudNine

• Medical account: With spaces: MASH Hawkeye Pierce; Without: MASHHawkeyePierce"
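To show how the basics above translate into an enforceable policy, here is a small Python checker added as an example (it is not code from the CIS guide or this post). It enforces the 14-character minimum and rejects the three pattern families the guide lists: a short block repeated to fill the length, ascending or descending runs of letters or digits, and keyboard-row walks. The run length of 5 and the three keyboard rows are assumptions chosen for the example, not values from the guide.

```python
"""Checker for the quoted CIS password basics (example code, not CIS tooling)."""

MIN_LENGTH = 14                      # the guide's "14 or more characters"
RUN_LENGTH = 5                       # assumption: 5+ sequential/keyboard chars = pattern
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")  # assumption: US layout rows


def has_repeated_block(pw: str) -> bool:
    """A block repeated, possibly with a partial tail: passwordpassword, abc123abc123ab."""
    for k in range(1, len(pw) // 2 + 1):
        if all(pw[i] == pw[i - k] for i in range(k, len(pw))):
            return True
    return False


def has_sequential_run(pw: str) -> bool:
    """Ascending or descending run of letters or digits: 1234567, abcdefg, gfedcba."""
    s = pw.lower()
    for i in range(len(s) - RUN_LENGTH + 1):
        window = s[i:i + RUN_LENGTH]
        if not window.isalnum():
            continue
        diffs = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def has_keyboard_walk(pw: str) -> bool:
    """A window that walks along a keyboard row in either direction: qwertyu, poiuyt."""
    s = pw.lower()
    for i in range(len(s) - RUN_LENGTH + 1):
        window = s[i:i + RUN_LENGTH]
        if any(window in row or window in row[::-1] for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(pw: str) -> list:
    """Return the names of the violated rules; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if has_repeated_block(pw):
        problems.append("repeated block")
    if has_sequential_run(pw):
        problems.append("sequential run")
    if has_keyboard_walk(pw):
        problems.append("keyboard walk")
    return problems
```

The guide's own good examples (MyAuntLivesinGeorgia, Pink Floyd Money) pass, while each of its bad examples trips at least one rule; note that the checker covers patterns only, and the reuse rule still has to be enforced at the account level.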
