I know, I know, you used that sweet 4-digit number that corresponded to your birthday or your anniversary for a password alllllll these years and you had it tattooed into your memory and it was great!
Unfortunately, times have changed, and it would take a hacker about 45 seconds using a simple piece of software to guess and try all 10,000 combinations of a 4-digit password.
With the advent of social engineering, a more persistent hacker could peruse your Facebook posts, your Tweets, and heck, even go through your garbage to make some educated guesses about your birthdays, anniversaries, pets' names, etc.
With all those things in mind, it's become absolutely critical that we use secure passwords to access the computer systems that we all use, both at work and in our personal lives. If someone gains access to our banking information, or to the network password we use on our work computer, a truly terrifying chain of events could lead to our identity being stolen, or to a hacker gaining entry into our corporate network and inflicting devastating damage on our valuable customer records, pricing, accounting data, etc.
Hopefully that brief horror story impresses upon us all that, for both our company and our personal lives, if we're going to live in the digital age and access computer systems, we MUST use good, secure passwords and manage them correctly over time.
Currently, at Mill Creek and all its subsidiaries, we have the following rules and requirements for our Windows computer passwords:
- Password must be a minimum of 8 characters and up to 32 characters
- Password must contain 3 out of the 4 following criteria:
  - Uppercase letters
  - Lowercase letters
  - Numerals
  - Special characters (%#$&@ and the like)
- Password cannot contain the user's username or actual name, even in part
- Passwords expire every 365 days and must be reset annually
- Password cannot match the previous three passwords
That said, we might think about how, if we were hackers, we would attempt to compromise someone's password. Maybe we know that they used to use Bobbyjoe2016 last year, but that password no longer works. Hmmm, how about Bobbyjoe2017? Yay, it worked!!! So, a wise user won't just bump his or her old password by one digit from year to year.
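To make the rules above and the Bobbyjoe2016/Bobbyjoe2017 problem concrete, here is an added example (not part of the original article or of any Mill Creek system) that checks a candidate password against the listed requirements and also flags a password that only changes the digits of a recent one. The function names, the 3-character threshold for name fragments, and passing previous passwords in plain text are assumptions made for illustration; real systems keep only password hashes.

```python
import re

MIN_LEN, MAX_LEN = 8, 32  # length limits from the rules listed above


def char_classes(pw):
    """Count how many of the four character categories appear in pw."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),  # special characters, spaces included
    ])


def skeleton(pw):
    """Lowercase pw and collapse every run of digits to '#'.

    Bobbyjoe2016 and Bobbyjoe2017 both become 'bobbyjoe#'.
    """
    return re.sub(r"\d+", "#", pw.lower())


def check_password(candidate, username, full_name, previous):
    """Return a list of rule violations; an empty list means the password passes.

    previous: earlier passwords, oldest first (plain text, illustration only).
    """
    problems = []
    if not MIN_LEN <= len(candidate) <= MAX_LEN:
        problems.append("length")
    if char_classes(candidate) < 3:
        problems.append("complexity")
    # "Even in part": assumed here to mean any name token of 3+ characters.
    tokens = [username] + re.split(r"[\s,.\-_]+", full_name)
    lowered = candidate.lower()
    if any(len(t) >= 3 and t.lower() in lowered for t in tokens):
        problems.append("contains-name")
    recent = previous[-3:]  # only the previous three passwords count
    if candidate in recent:
        problems.append("reused")
    elif any("#" in skeleton(p) and skeleton(p) == skeleton(candidate)
             for p in recent):
        problems.append("digit-bump")  # same password with new digits
    return problems
```

Note that Bobbyjoe2017 satisfies every listed rule and is caught only by the extra digit-bump check.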
One new philosophy regarding passwords is to think passPHRASE, not password. It can be annoying remembering whether we used an asterisk or a dollar sign at the end of last year's password. How about using a song lyric that you love? True, it's much longer, but passphrases are MUCH more secure, and many feel that they're easier for us to remember. Perhaps every year you could pick a lyric from a different favorite song, or a slogan that you shout when you attend rallies. Whatever you use, just remember: make it unique, easy for you to remember, hard for others to guess, and PLEASE, do NOT write it on a sticky note and stuff it under your keyboard. We all know you do it. And we all log on and read your emails while you're on vacation just for fun. Ok, not really, but we COULD if we wanted to. :)