Background: Today, Government Information Systems and their networks are under increasing attack by Nation States, Cyber Criminals, and Activists. While protecting these resources is a shared responsibility, we can only be successful with your help. This guide will help you comply with government policy section 5360, Identity and Access Management, with regard to selecting and managing an appropriately complex password. Failure to comply may result in disciplinary action(s) should a data breach result.
Rules for Protecting Passwords: There are 4 rules that are mandated by government code for all users, regardless of assignment. These rules are:
What Makes a Strong Password: The strength of a password is a measurement of its effectiveness in resisting guessing and attacks. It estimates how many trials an attacker who does not have direct access to the password would need, on average, to correctly guess it. The strength of a password is a function of its length, complexity, and randomness.
Making Hard to Crack Passwords: Here are 6 considerations when creating a strong password:
Changing Passwords: You should never keep the same password for more than 1 year; 6 months if it's a privileged user account (e.g. root, Application Admin, or System Admin).
Password Reuse: To prevent an attacker from using a cracked prior password, you should ensure it's not reused. If you insist on reusing the password, then do so only after no fewer than 20 other password iterations (State Code).
This training module is provided by the California Military Department, Cyber Network Defense Team. This module is authorized for training on State IT resources only. This training is not licensed for use on personal, external, or non-State agency systems.