Hello and thank you for attending the I T. Security policy training. This will be the last video of module to this is the password construction policy
during Trial Mayor and here own Cyber Harry.
Learning objective of this policy is strong passwords and weak passwords and understanding both of them
looking at another Sands template for policy. This is a password. Construction guidelines policy
and passwords are a critical component of information security. They serve that user accounts.
However poorly constructed password may result in the compromise of individual systems, data or network.
The purpose of this guideline is for by the best practice for the creation of strong passwords,
it's go. This guy line applies employees, contractors, consultants, temporary other workers, including all personnel affiliated with third parties.
Statement of the guidelines.
So strong passwords or long the more characters you have, the stronger the password.
We recommend a minimum 14 characters in your password. This can change.
Usually you wanna have it least eight,
and you can go on up from there. Also, different systems may have different lengths, depending on the priority of the information that is held within those systems.
This is in addition, we highly encourage the use of pass phrases,
which is password made up of multiple words. An example is it's time for vacation or
block dash. Curious Dash sonny Dash leaps
pass razor both easier member and type. Yet they meet the strict requirements.
Now we're gonna get into poor, weak passwords, and they have the following characteristic.
They contain eight characters or less.
They contained personal information such as birthdays, addresses, phone numbers, name of family members
they contain number patterns,
which is a A B B B quality
are some version of welcome 123 password 123 Or Change Me 123
Which these welcome password and change or usually default passwords that come in systems whenever they are sent out to you by manufacturers and distributors.
So a good example of why you need a strong password. So in today's cybersecurity world, what happens is if you have a system
that is exposed to the public and even if it's not, if you have another system inside of your network that is not exposed to public, but it is
has a system. Another system at its hacked
a lot of the systems that the hackers use will try and do a brute force attack so they will start
by having a name that they know of and you confined names rare, fairly easy from the Internet of a user or an email address. And then, at that point, they just go and try to brute force it so they will take the time to do password one
and password to Password three and go through all the numbers. Then they'll do one to, you know, do 1113 and then so forth. And whenever it comes the letters, they'll do the same thing A and then a bee that ABC the Navy D and they'll keep going through all the letters until they can try to find different words. You know, thing they do
is that they will have a dictionary of
passwords that or actual words so they'll use those randomly. And then there's also reports that come out of what are the weakest passwords that are used out there. Get examples are the welcome 123 password 123
And so therefore they will use those to try from this dictionary to try to brute force. Hack that password.
The longer, more complex, the past where it is. And at that point, the harder it is to be able to have.
The other thing that is not listed in here that you might want to look at is having special characters such as an explanation point, a dollar sign,
a gastric, any of those things included, and then capital letters
and lower case letters. So whatever your definition is going to be, you put in this policy to make sure that it is used across the organization.
The condition, every work account should have a different unique password today were used to maintain multiple passwords. And as we talked about in the prior video,
this is something that you will have to look at because the assistance I need to talk to each other, it's the same password might be needed for both of the communication can be possible
again looking at policy compliance like all others.
If the SEC team can verify the policy through various methods,
exceptions must be approved in advance,
and then he, not compliance,
will be subject to disciplinary action up to and including termination.
So in summary in today's lecture, we talked about the password construction policy
talked about specifically strong passwords and weak passwords.
Let's do a little policy recap
on a question here. Strong passwords or blink,
and that would be long. The more characters you have, the stronger the password.
Another policy recap questions
What is a characteristic of a weak passwords.
many different things were listed here but contain eight characters or less contained personal information.
Contain number patterns
and are some versions of Welcome 123 password. 123 So again, you can look out in on the Internet and find different list that show the weak passwords. And you could make sure that you look at your compliance and your policy to make sure that those were not being used. And
also look at special characters that you can use your password as well as capital letters
and trying to find your system that would force those things.
Looking forward, we are now finished with module to we're gonna move on to Module three, which is the network security portion.
I hope you come back and join us for that
again. If you have any questions or need clarification,
give me a message through side. Very message. My user name is at trial a mirror and thank you for attending this cyber ery training.