I just gave a little talk to my team about breaches, passwords and things that go “Boom!” like, oh, nuclear power plants. Because apparently the US DOE (Department of Energy) keeps. Getting. Hacked. An investigation spanning 4 years showed that there were 1131 attacks, 159 compromises and, of those, 53 were at root level (meaning you really got pwned). Since glow-in-the-dark isn’t my best look, I’m a little concerned about keeping those plants safe. If the guys looking after critical infrastructure aren’t getting it right, then we all need to be paying more attention to what we do with our passwords.
Bottom Line: Passwords are your first line of defence. Done right, they are an effective deterrent and the attackers move on. Done badly, you’ve just handed over the keys to your digital kingdom. I don’t have to remind you about the password file named “Passwords” from the Sony Hack. Or the sorry excuses for passwords (no – not actual excuses) emerging from the Ashley Madison dump. I highly recommend the helpful and direct guidance freely given by Jessy Irwin, the owner of the sign bunny to the right …
If you want to do this right – and believe me you do – then you’re going to need to put some effort and commitment into it. Every organization, every business, needs to have a password policy in place, and not one that they just pay lip service to, or that exists only to churn out replacement passwords. There must be guidelines issued to end users, and a policy that is both monitored and enforced. It’s not like Halloween, where you hand them out freely.
I present to you my 10 Commandments of Good Passwords. And like Pharaoh Yul Brynner said, “So let it be written, so let it be done!”