Passwords: A Cheap Way to Improve Your Security Posture
As a recently retired Naval Cyber Warrior, I come from a long line of salty and forward-leaning communications and network security sea dogs. My favorite sea dog was a Submarine Skipper who took over as the Battle Group N6 (meaning he owned all long-haul communications and network operations for the entire Battle Group). He read an article which stated that the least expensive method of changing the network security posture was merely forcing all users and administrators to change their passwords and use strong password construction.
He ordered this done on a routine basis and sometimes on a whim. Once completed, our senior Information System Security Manager (ISSM) would verify all passwords had been changed, and then run “password checking” software to ensure all passwords used strong password construction.
“Password, smashword…just change the darn thing…”
If you failed to pass muster and change your password as directed, you’d end up on the “Rat’s List” (“Rat” was my boss’s unofficial call sign), which resulted in removal of network access and a one-way and focused conversation with the “Rat.” Most fell in line after one visit. If anyone ignored the order, even by claiming seniority allowed super privileges (Okay, how many RED FLAGs did that set off in your mind?), the “Rat” would come to call, and the offender would pay.
I witnessed such a visit with the “Rat”, an experience that would become folklore (and a good Sea Story). The “Rat” told this senior Officer (yet a peer of the “Rat”), “Password, smashword…just change the Good Darn thing.” Of course, the “Rat” didn’t use the words “Good” or “Darn.”
Fifteen years later, passwords remain the primary way we protect our computers and online accounts from cyber adversaries. Of course, you can spend the money and use cryptologic login and/or two-factor authentication to add a layer of complexity to the mix.
Password Best Practices
A good password is at least 12 characters long and includes upper case letters, lower case letters, numbers, and non-alphanumeric symbols.
A simple way to ensure you don’t receive a nasty visit from the “Rat” in your organization is to use a complex password that can be easily remembered: take the first letters of a favorite song and/or phrase from a movie, and replace certain letters with symbols and/or numerals.
“With your fist holding Tight to the String of your Kite, Oh, Oh, Oh…”
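The construction above, carried through as an added example that is not part of the original article: it takes the first letters of the kite lyric, applies a substitution table, and checks the result against the 12-character, four-class rule. The function names and the substitution table are assumptions made for illustration.

```python
import string

MIN_LENGTH = 12  # minimum length stated in the article

# Assumed substitution table (the article does not give one).
# Only the first occurrence of each letter is replaced.
SUBSTITUTIONS = {"S": "$", "t": "7", "o": "0"}

PHRASE = "With your fist holding Tight to the String of your Kite, Oh, Oh, Oh…"


def mnemonic_initials(phrase):
    """Return the first letter of each word, keeping its capitalization."""
    words = (w.strip(string.punctuation + "…") for w in phrase.split())
    return "".join(w[0] for w in words if w)


def substitute(base, table=SUBSTITUTIONS):
    """Swap the first occurrence of each mapped letter for its symbol or digit."""
    out = base
    for letter, replacement in table.items():
        out = out.replace(letter, replacement, 1)
    return out


def policy_failures(password):
    """List the article's rules that the password fails (empty list = pass)."""
    checks = [
        (len(password) >= MIN_LENGTH, f"shorter than {MIN_LENGTH} characters"),
        (any(c.isupper() for c in password), "no upper case letter"),
        (any(c.islower() for c in password), "no lower case letter"),
        (any(c.isdigit() for c in password), "no number"),
        (any(not c.isalnum() and not c.isspace() for c in password),
         "no non-alphanumeric symbol"),
    ]
    return [message for ok, message in checks if not ok]


if __name__ == "__main__":
    # Demonstration values only: never reuse a published example as a password.
    initials = mnemonic_initials(PHRASE)
    for candidate in (initials, substitute(initials)):
        failures = policy_failures(candidate)
        print(candidate, "->", "PASS" if not failures else ", ".join(failures))
```

The initials alone are long enough but contain no number or symbol, so the rule is only met after the substitution step.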
Ultimately, a determined adversary may already be inside your network, using encryption on port 80 to transmit the goods back to the homeland, but a wholesale password change can be disruptive to most Hacks. Many times, it’s enough to chase them off your network while they seek easier prey.
Sleep well knowing the “Rat” is watching even now. Fair Winds!
For tips & tricks on how to build a better password, check out this week’s MetroStar Minute featuring our Director of Cybersecurity, Clay Calvert.