Passwords are the keys to the environment, and much like the front door of your house. If they're too easy to access, someone will eventually take advantage of it.
To best protect the bank and our customers’ information, we all need to follow a few relatively simple guidelines.
1. Password complexity.
The first line of defense is to make your password complex. Hackers routinely use what are called Dictionary Attacks to crack passwords. They have tools that quickly check for passwords against standard dictionary words. One way to make your password complex is to incorporate upper- and lower-case text, along with numbers and special characters. This, however, can make it difficult to remember. Another method is to use a Passphrase, which is putting multiple words together with numbers and special characters into an easily remembered pattern that are difficult to hack.
2. Change your passwords regularly.
We require you to change your Windows Authentication password every 90 days. As a good habit, you should also change any other account passwords that you use at this time as well. Many sites do not require you to change your passwords at all, which should make you question how secure they are.
3. Passwords to avoid.
4. Unique passwords for each service.
The uniqueness of your passwords is extremely important to your security. Websites are sometimes hacked, and login credentials are stolen and resold most of the time. Hackers try to use these login credentials on other sites to access your other accounts and get hold of all your data. For those reasons, it is recommended that you use a unique password / passphrase for each account that you access.
5. Use a password manager.
One way to keep track of multiple passwords / passphrases is to use a password manager program. It is a secured place to save authentication information and links to sites or applications. Please reach out to me if you have any questions about using a password manager or would like one installed on your PC.
Quarterly Testing:
To better secure our environment IT will be running a password cracking tool against all internal accounts used by staff on a regular basis. If we can crack your password in less than 12 hours, we will be contacting you to discuss making the password stronger and will have you change it.
To test passwords / passphrases and see how long it would take to hack them go to the following site and enter a few that you think would be good. The results may surprise you. https://www.useapassphrase.com/
Remember: Never reveal or share your passwords to others including door access codes to anyone, including members of IT.