How to Strengthen and Manage Passwords

By Eric Noonan • December 12, 2017

In today’s world strong, unique passwords are a necessity. Whether it is a domain administrator password for an organization or a personal online banking account, it is crucial to safeguard information by having a robust password making access to any account or system less easy.

The Old Standard for a Secure Password is No Longer Sufficient

In a recent interview, Bill Burr shared that he regrets some of the recommendations he made back in 2003 regarding what makes a good password. In retrospect, he surmised, humans generally have difficulty generating strong passwords.

As a refresher, Mr. Burr wrote NIST Special Publication 800-62, Appendix A in 2003. This document essentially defined a strong password as a mix of upper and lowercase letters, numbers, and special characters. These days, a password needs other attributes to be considered strong.

What Not To Do

It’s is rather mind-boggling that some folks use the most simplistic passwords for business and personal use. Even in this era of security breaches and data loss, common – and incredibly weak – passwords include “password”, “12345678”, and “qwerty” (http://www.computerworld.com/article/3024404/security/worst-most-common-passwords-for-the-last-5-years.html)

Why does this happen? According to the 2017 version of the NIST Special Publication 800-62, “Research has shown … that users respond in very predictable ways to the requirements imposed by [password] composition rules” (NIST, 2017).

Bottom line: People can and should do better at creating and managing passwords.

What To Do

Two solutions can help you and your organization support better password creation and management. They are:

  • Two-Factor Authentication (2FA) – 2FA it is based on using something a user has and something a user knows to authenticate him or her. A perfect example of 2FA is an ATM. To get money out, a user must insert his ATM card (something he has) and enter a PIN (something he knows). While 2FA used to only be applicable to organizations, many online services such as Gmail, Facebook, and Amazon now allow a user to enable 2FA to further secure access to his or her personal accounts. The website https://www.turnon2fa.com/ provides easy-to-follow tutorials on how to enable 2FA on these services.
  • Password Manager – A password manager such as the opensource Keepass (http://keepass.info/) or the enterprise-level CyberArk privileged account management (PAM) solution provides a cryptographically secure repository and the ability to generate passwords that are both random, complex, and long. (Having your web browser remember your password is not a password manager). A password manager delivers a mechanism to securely store and generate strong passwords so that a user does not have to remember them. In the case of CyberArk, there are also many other features, such as automatic password rotation, privilege session monitoring, and integration with applications for App to App account management.

CyberSheath specializes in the deployment and customization of CyberArk’s PAM solution to fit each customer’s specific use case – and we can help you build the solution that meets your organization’s unique needs. Contact us today for your free assessment.

CyberSheath Blog

How to Safeguard Your Company from Phishing

Email is so ubiquitous in our everyday lives that it can be a challenge to always be on guard when receiving messages. Each day it’s not unheard of for each member of your team to have hundreds of messages land in their inbox. How do you make sure that none…

3 Tools to Help Defend Your IT Infrastructure from Threats

With the continually evolving threat landscape and the prevalence of team members working from home, it is more important than ever to be proactive with how your company is protecting itself from cyberattacks.  CyberSheath can help. We offer services to build on all the great work you have already done…

DNS Filtering for Additional Protection of IT Systems

Phase one of securing your IT infrastructure should include protecting your endpoints and safeguarding your employees from phishing attempts. After you have implemented these controls, the next logical step is to launch a DNS filtering solution.   What is DNS filtering and why do you need it? Domain name server…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO