Thursday, March 29, 2007

 

Pointless Shit

4.3 Password Composition


All personnel:
  • Use passwords that are at least seven (7) characters long, or the maximum length
    permitted by the system if that is less than seven characters.

  • Use a combination of at least three of the following four groups of characters:
      • Lowercase letters (i.e., a-z).
      • Uppercase letters (i.e., A-Z).
      • Numbers (i.e., 0-9).
      • Punctuation (e.g., !, @, #, $, %, ^, &, *, -, +, <, >).

  • If all character types are not permitted by the system, use the greatest variety of
    characters permitted by the system.

  • Use passwords that are difficult to guess. Difficult-to-guess passwords include
    those that are:
      • Not a word in any language, English or foreign, or slang, dialect, or jargon.
      • Not based on personal, known or guessable information such as:
          • Names of family, pets, friends, co-workers, fantasy characters, etc.
          • Computer terms and names, sites, companies, hardware, and
            software.
          • Terms associated with the company (e.g., [Nameless Company], [Nameless Satellite],
            Consumer name for [Nameless Company], Riverfront).
          • Birthdays or personal information such as addresses, phone
            numbers, employee or badge numbers, or Social Security numbers.
          • Letter or number patterns like abcABC, Qwerty, 123CBA, etc.
          • Any of the above spelled backwards or otherwise obfuscated.
          • Any of the above preceded or followed by a digit (e.g.,
            "[namelesscompany1]").
      • Not based on earlier passwords or published password examples.

  • Apply the password composition standards described herein when using
    Personal Identification Numbers (PINs), to the extent that such rules are
    permitted by the system.

  • Use a passphrase where possible to secure your accounts. A passphrase is
    a longer version of a password and is, therefore, more secure because it is
    less vulnerable to "dictionary attacks." Policy requirements related to
    password composition also apply to a passphrase. An example of a
    passphrase is: "I went snowboarding 5 times in January!"




So remember, don't have any passwords that contain a word in any language, English or foreign, or slang, dialect, or jargon.

Good advice for us all. Remember, Password Security begins with you!

BOJ



    Comments:
    Shit! I am in trouble!
     
    In pointless trouble...
     
    So basically, considering the number of accounts most people in the modern computer age have... you should create a bunch of passwords that you, yourself, will have a high chance of forgetting - requiring you to keep a protected list of them somewhere like in a PDA Password Safe or in a locked paper portfolio. Geez... how much fun that would be for most people.

    Quinn
     
    Absolutely not!

    From the same document:

    • Do not write down passwords in any readily-decipherable form and leave them in a place where unauthorized persons might discover them.

    • Do not store passwords on a computing device or on-line unless you use a nonreversible encryption method.

     
    Well, a PDA Password Safe is pretty secure. Some PDAs support fingerprint identification as a security method.

    A locked portfolio, well... locks only keep honest people honest but it's better than leaving them out in the wide open.

    I guess the best thing to do is come up with your own cypher method and translate any passwords that you create that are able to be remembered into that cypher... but who's going to do that for an e-mail account or something.. certainly not me.

    Quinn
     
    The Bert Convey Principle