2.12 Password Construction Policy

Time
2 hours 23 minutes
Difficulty
Beginner
CEU/CPE
3
Video Transcription
00:01
Hello and thank you for attending the IT security policy training. This will be the last video of Module 2. This is the password construction policy.
00:10
during Trial Mayor and here on Cybrary.
00:15
The learning objective of this policy is strong passwords and weak passwords and understanding both of them.
00:25
Looking at another SANS template for policy, this is a password construction guidelines policy,
00:32
and passwords are a critical component of information security. They serve to protect user accounts.
00:38
However, a poorly constructed password may result in the compromise of individual systems, data or network.
00:44
The purpose of this guideline is to provide the best practices for the creation of strong passwords.
00:51
Its scope: this guideline applies to employees, contractors, consultants, temporary and other workers, including all personnel affiliated with third parties.
01:00
Statement of the guidelines.
01:03
So strong passwords are long: the more characters you have, the stronger the password.
01:07
We recommend a minimum 14 characters in your password. This can change.
01:12
Usually you wanna have at least eight,
01:15
and you can go on up from there. Also, different systems may have different lengths, depending on the priority of the information that is held within those systems.
01:26
This is in addition, we highly encourage the use of passphrases,
01:30
which are passwords made up of multiple words. An example is "It's time for vacation" or
01:34
"block-curious-sunny-leaps".
01:38
Passphrases are both easy to remember and type, yet they meet the strict requirements.
01:44
Now we're gonna get into poor, weak passwords, and they have the following characteristics.
01:49
They contain eight characters or less.
01:52
They contain personal information such as birthdays, addresses, phone numbers, names of family members.
01:57
They contain number patterns,
01:59
which is aaabbb, qwerty,
02:01
or are some version of "Welcome123", "Password123" or "Changeme123".
02:07
These "welcome", "password" and "changeme" are usually default passwords that come in systems whenever they are sent out to you by manufacturers and distributors.
02:20
So a good example of why you need a strong password. So in today's cybersecurity world, what happens is if you have a system
02:29
that is exposed to the public, and even if it's not, if you have another system inside of your network that is not exposed to the public, but it
02:37
has a system, another system that is hacked,
02:38
a lot of the systems that the hackers use will try and do a brute force attack so they will start
02:46
by having a name that they know of, and you can find names fairly easily from the Internet of a user or an email address. And then, at that point, they just go and try to brute force it, so they will take the time to do Password1
03:01
and Password2, Password3 and go through all the numbers. Then they'll do one, two, you know, do 1113 and then so forth. And whenever it comes to the letters, they'll do the same thing: A, and then AB, then ABC, then ABCD, and they'll keep going through all the letters until they can try to find different words. Another thing they do
03:21
is that they will have a dictionary of
03:23
passwords that are actual words, so they'll use those randomly. And then there's also reports that come out of what are the weakest passwords that are used out there. Good examples are the Welcome123, Password123.
03:37
And so therefore they will use those to try from this dictionary to try to brute-force hack that password.
03:43
The longer and more complex the password is, at that point, the harder it is to be able to hack.
03:49
The other thing that is not listed in here that you might want to look at is having special characters such as an exclamation point, a dollar sign,
04:00
an asterisk, any of those things included, and then capital letters
04:04
and lower case letters. So whatever your definition is going to be, you put in this policy to make sure that it is used across the organization.
04:15
In addition, every work account should have a different, unique password. Today we're used to maintain multiple passwords. And as we talked about in the prior video,
04:23
this is something that you will have to look at, because if the systems need to talk to each other, the same password might be needed for both so the communication can be possible.
04:32
Again, looking at policy compliance, like all others,
04:35
the Infosec team can verify the policy through various methods,
04:40
exceptions must be approved in advance,
04:42
and then any non-compliance
04:44
will be subject to disciplinary action up to and including termination.
04:49
So in summary, in today's lecture we talked about the password construction policy,
04:55
talked about specifically strong passwords and weak passwords.
05:00
Let's do a little policy recap
05:01
on a question here. Strong passwords are blank,
05:06
and that would be long. The more characters you have, the stronger the password.
05:13
Another policy recap question:
05:15
What is a characteristic of a weak password?
05:21
So
05:23
many different things were listed here, but: contain eight characters or less, contain personal information,
05:29
contain number patterns,
05:30
and are some version of Welcome123, Password123. So again, you can look out on the Internet and find different lists that show the weak passwords. And you could make sure that you look at your compliance and your policy to make sure that those were not being used. And
05:47
also look at special characters that you can use in your password, as well as capital letters,
05:51
and trying to find your system that would force those things.
05:57
Looking forward, we are now finished with Module 2. We're gonna move on to Module 3, which is the network security portion.
06:04
I hope you come back and join us for that.
06:08
Again, if you have any questions or need clarification,
06:10
give me a message through Cybrary message. My user name is at trial a mirror, and thank you for attending this Cybrary training.