Password Tips
New password policy:
16 characters, no complexity requirements
Account lockout after 5 failed attempts (to minimize password spray attempts)
Lockout duration is 60 minutes (overrides will have to be coordinated with the helpdesk)
NO FORCED CHANGE! (unless the password is easily cracked)
Tips for selecting a strong password:
DO NOT use common single dictionary words. Dictionary attacks will find these easily. Most of the passwords that County IT has cracked are found with dictionary attacks.
DO NOT use common phrases, Bible verses, song lyrics, quotes, etc. There are numerous tables of commonly used phrases, and these are just as easy to crack as single-word passwords.
DO NOT worry about using uppercase, lowercase, numbers, symbols, emojis, etc. in your password. This leads to a false sense of security, and common modern password cracking rule sets make these substitutions worthless.
DO NOT use your name, pet’s name, spouse’s name, children’s names, address, birthday, phone number or any other information that can easily be tracked to you. If you are targeted by a sophisticated hacker, they can find this stuff VERY easily.
DO NOT use local landmarks or locations (Kingman), current seasons (winter) or any combination of those (kingmanwinter). There are “password spray attacks” where hackers will choose one password and “spray” it against the entire userbase. It’s very common to use either of those and the year (winter2019, kingman2020).
DO NOT write your password down or share it with anyone. If you have so many passwords that you can’t keep them straight, consider using a password safe with a strong master password.
DO NOT use your work password anywhere else outside of work. If you use your work password outside of work and that entity gets breached, the breacher may be able to log in as you remotely and cause severe damage.
DO use multiple random medium-sized words (8 or more characters each) to create a phrase (minimum of 16 chars, see link below). The IT department suggests three or more unrelated random (NOTE: not user-selected) words strung together. While password crackers can crack multiple-word passwords, the sheer volume of possible combinations they would have to iterate through makes these attacks too time-consuming.
DO try to use uncommon words or words with uncommon letters (j, q, z and x) in them. Using uncommon words and words with uncommon letters decreases the chance of your password(s) being breached.
The link below has a 4-word generator built in. You can generate as many as you wish until you find something that (a) meets the new 16 char requirement and (b) is easy for you to remember.
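The "multiple random words" tip above, as an added example (not County IT's tool and not the generator at the link): the computer picks the words with a cryptographic random source instead of the user, and the number of phrases a cracker would have to try is computed. SAMPLE_WORDS is a constructed 16-word list and the 7776-word list size is an assumption; a real generator draws from a list of thousands of words.

```python
import math
import secrets

MIN_WORD_LEN = 8    # tip: words of 8 or more characters each
MIN_TOTAL_LEN = 16  # policy: 16 characters

# Constructed sample list, for illustration only.
SAMPLE_WORDS = [
    "quizzical", "jackhammer", "xylophone", "zeppelin", "juxtapose",
    "blizzard", "equalizer", "quagmire", "marzipan", "jamboree",
    "pickaxes", "hexagonal", "squeezebox", "zookeeper", "mozzarella",
    "jalapeno",
]


def eligible(words):
    """Keep unique, purely alphabetic words that meet the per-word length tip."""
    return sorted({w.lower() for w in words
                   if w.isalpha() and len(w) >= MIN_WORD_LEN})


def generate_passphrase(words, count=3):
    """Pick `count` distinct words with a CSPRNG and string them together."""
    pool = eligible(words)
    if count < 2 or len(pool) < count:
        raise ValueError("need at least 2 words and a pool at least that large")
    while True:
        picked = [secrets.choice(pool) for _ in range(count)]
        phrase = "".join(picked)
        # Re-draw on a repeated word or a phrase under the policy minimum.
        if len(set(picked)) == count and len(phrase) >= MIN_TOTAL_LEN:
            return phrase


def search_space_bits(list_size, count):
    """log2 of the ordered selections of `count` distinct words from the list."""
    return math.log2(math.perm(list_size, count))


if __name__ == "__main__":
    print("sample phrase:", generate_passphrase(SAMPLE_WORDS, 3))
    for size in (len(eligible(SAMPLE_WORDS)), 7776):  # 7776 is an assumed size
        for n in (3, 4):
            print(f"{size}-word list, {n} words: "
                  f"{search_space_bits(size, n):.1f} bits")
```

The sample list is far too small for real use; the printed figures show how the search space grows with both list size and word count.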