The risk of a cyberattack or data breach has never been higher nor has the potential damage to your business ever been greater.
DFI Forensics Inc. specializes in advanced digital forensics services for businesses that have suffered a cyberattack, IT network intrusion or data breach in the greater Vancouver area of British Columbia, Canada.
Visit vancouverdatabreach.com for more information.
Organizations must establish a standard for the creation, maintenance, and storage of strong passwords. There are currently two approaches an organization should review when implementing a password policy. The first is to follow all of the password guidelines published by the National Institute of Standards and Technology (NIST) in Special Publication (SP) 800-63B, Section 5.1.1.2. If an organization is unable to follow NIST SP 800-63B due to budgetary or technological constraints, it is recommended that the following rules be used while working towards the NIST standard.
- Implement complexity rules that:
  - Enforce a minimum password length of 14 characters.
  - Require passwords to contain uppercase and lowercase letters, numbers 0 through 9, and non-alphanumeric characters.
  - Reject repetitive or sequential characters (e.g. ‘aaaaaa’, ‘abc123’).
  - Reject context-specific words, including usernames and their derivatives.
To calculate the strength of a password, the size of the character set is raised to the power of the password length; this gives the number of possible passwords an attacker would have to try (the search space), and the entropy in bits is the base-2 logarithm of that number. There are 26 uppercase, 26 lowercase, 10 digit, and 33 ASCII-printable symbols available on the average keyboard, 95 characters in total. A computer can guess over 1 billion passwords per second.
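The arithmetic above, carried through as an added example (not code from the article): the search space is `charset ** length`, entropy is `length * log2(charset)`, and dividing the search space by the guess rate gives the worst-case time to exhaust it. The class sizes (26, 26, 10, 33) and the rate of 1 billion guesses per second are taken from the paragraph; the function that infers the character set from a sample password, and the assumption that the attacker knows exactly which character classes were used, are additions for the example. This is a brute-force model only; a dictionary or pattern attack can succeed far sooner than these figures suggest.

```python
import math
import string

# Character-class sizes from the article (95 printable characters total).
CLASS_SIZES = {
    "lowercase": 26,
    "uppercase": 26,
    "digit": 10,
    "symbol": 33,
}
CLASS_MEMBERS = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,  # 32 in Python; the article counts 33 incl. space
}
GUESSES_PER_SECOND = 1_000_000_000  # "over 1 billion per second" from the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password):
    """Size of the alphabet an attacker must assume, taken as the sum of
    the sizes of the character classes actually present in the password
    (assumption: the attacker knows which classes were used)."""
    size = 0
    for name, members in CLASS_MEMBERS.items():
        if any(c in members or (name == "symbol" and c == " ") for c in password):
            size += CLASS_SIZES[name]
    return size


def search_space(charset, length):
    """Number of distinct passwords of exactly `length` characters."""
    return charset ** length


def entropy_bits(charset, length):
    """Entropy of a uniformly random password over `charset` symbols."""
    return length * math.log2(charset)


def seconds_to_exhaust(charset, length, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every password in the search space."""
    return search_space(charset, length) / rate


def years_to_exhaust(charset, length, rate=GUESSES_PER_SECOND):
    return seconds_to_exhaust(charset, length, rate) / SECONDS_PER_YEAR


def report(password):
    """Summarise the brute-force cost of a password's search space."""
    size = charset_size(password)
    n = len(password)
    return {
        "charset": size,
        "length": n,
        "entropy_bits": round(entropy_bits(size, n), 1),
        "years_to_exhaust": years_to_exhaust(size, n),
    }


if __name__ == "__main__":
    # Constructed sample passwords, strictly for illustration.
    for pw in ("password", "Passw0rd", "Tr0ub4dor&3", "xK9#mQ2!vL7$pW4n"):
        print(pw, report(pw))
```

The example makes the policy's reasoning concrete: eight lowercase letters (26^8, about 2.1e11 candidates) fall in a few minutes at the stated rate, while a 14-character password drawn from all 95 printable characters has roughly 92 bits of entropy and would take on the order of 10^11 years to exhaust. The `report` function is what a help-desk or onboarding tool would use to explain the difference to users.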