ONE BAD PASSWORD

He spent 24 years building his business. One bad password and a ransomware attack blew it to smithereens.

Fran Finnegan was on vacation in New York just before the Fourth of July weekend when he received a disturbing text message from one of his customers: How come his website was down?

Finnegan quickly searched out a computer to remotely examine his site, which provides access to millions of documents filed with the Securities and Exchange Commission.

There he discovered a disaster unfolding in front of his eyes in real time. Hackers had breached his site’s security and taken over. He watched helplessly as they encrypted all his files, placing them beyond reach.

How could this happen?

Twenty-four years ago, when Finnegan originally set up his business website, SEC Info, he gave himself administrative privileges so he could manage the system, and protected his access with a password. The password he used, however, was the same as the password he was using for his Yahoo email account.

That password was probably stolen in a massive hack in 2013 that also compromised the names, email addresses, phone numbers, birth dates and security questions and answers of 3 billion Yahoo account holders.

At the time, Yahoo advised its users to change the passwords on their Yahoo accounts, but Finnegan had long since forgotten that he had also used it as his administrative password.

“Had I remembered that I was using a password from 24 years ago,” he says, “I certainly would have changed it.”

As he later discovered, beginning on June 26 the attackers made 2.5 million login attempts against his system before they finally hit on the right password. He says the firewall logs traced the attempts to Russia. (A firewall log records where the traffic arrived from, not necessarily who was behind it.)

The hackers were able to encrypt everything on his servers — not only the database of documents but also Finnegan’s email system and even his list of users and their contact information. Because the email system and the user list lived on the same servers as the document database, there was no separate copy to fall back on.

That means that once SEC Info is back in operation, he won’t be able to proactively inform his customers what happened — he’ll have to wait for them to get in touch with him — all 500,000 of them.

“I have to re-create everything, and that takes time. I hope it’s not more than a month, but there’s no way of knowing right now.”

How can you benefit from the unfortunate experience of Fran Finnegan?

Use a Modern Password on every online account.

A Modern Password is *different for every site.* It's composed of 14 or more characters: upper-case, lower-case, numbers and special characters. No dictionary words and nothing that is specific to you, the website or the industry the website is associated with. No sports team names, no family or pet names, no birthdays or anniversaries — basically nothing specific about you or your interests.

If the bad guys find and analyze one of your passwords, they shouldn't find anything that relates to you. Absolutely nothing personal — not a hint of you, not even a whiff of you.

Like a deserted ghost town in an old spaghetti western . . . nothing but tumbleweeds blowing in the wind.

All the bad guys should see is a random string of letters, numbers and special characters. A password manager makes creating and using these kinds of passwords *extremely* easy.
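As an added example, not code from the post, the LA Times article or any password manager, here is how a generator produces passwords that meet the definition above, plus a checker that applies the same definition to a password a person chose. The symbol set and the list of personal terms are assumptions made for the example.

```python
import secrets
import string

# The four character classes a Modern Password draws on. The symbol set is an
# assumption for this example: sites differ on which punctuation they accept,
# so a real manager lets you trim it per site.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": "!@#$%^&*()-_=+[]{};:,.?/",
}
ALPHABET = "".join(CLASSES.values())


def has_all_classes(password: str) -> bool:
    """True when the password contains at least one character from every class."""
    return all(any(ch in chars for ch in password) for chars in CLASSES.values())


def generate_password(length: int = 14) -> str:
    """Generate a uniformly random password of `length` characters that covers
    all four classes.

    Rejection sampling (draw, test, redraw) keeps the result uniform over the
    set of qualifying strings. The common shortcut of forcing one character
    per class into fixed positions and shuffling does not, and it shrinks the
    space an attacker has to search.
    """
    if length < len(CLASSES):
        raise ValueError("length must allow one character from each class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


def contains_personal_info(password: str, personal_terms) -> bool:
    """Case-insensitive check for guessable fragments (names, pets, teams,
    years) inside a human-chosen password. Terms shorter than three
    characters are ignored so that single letters do not match by accident."""
    lowered = password.lower()
    return any(term.lower() in lowered for term in personal_terms if len(term) >= 3)


def is_modern_password(password: str, personal_terms=(), min_length: int = 14) -> bool:
    """The post's definition in code: long enough, all four classes, nothing personal."""
    return (
        len(password) >= min_length
        and has_all_classes(password)
        and not contains_personal_info(password, personal_terms)
    )


if __name__ == "__main__":
    # Invented personal terms and sample passwords, for illustration only.
    personal = ["smith", "rover", "1985", "acme"]
    for pw in (generate_password(14), "Rover1985!xyzAB", "Acme@admin"):
        print(f"{pw:20} modern={is_modern_password(pw, personal)}")
```

The checker is the weaker half of the pair: a wordlist of personal terms catches only what you thought to list, which is why the post's advice is to let the generator choose and never to pick the password yourself.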

Make it tougher for the bad guys to cause havoc in your life or business.

You deserve to keep what you’ve earned.

latimes.com/business/story/202






#infosec #cybersecurity #passwords #passwordmanagers #complexpasswords #specialcharactersinpasswords

Last updated 3 years ago

KnowBe4 Password Policy

In 2022, KnowBe4 released its first e-book covering password attacks, defenses and what your corporate password policy should be. Here is a summary of their recommendations:

☑️​ Whenever possible, use phishing-resistant Multifactor Authentication (MFA).
☑️​ Use MFA and / or long passwords or passphrases to log on to your devices.
☑️​ If you can, use a password manager.
☑️​ 12-character perfectly random 4-class passwords defeat all known guessing/cracking attacks.
☑️​ If you must think up a password yourself, create a unique and long password or passphrase (at least 20 characters) for all sites and services.

I’m interested in how we translate this corporate-directed advice into something actionable for ordinary people, outside of organizations with infosec budgets.

Especially interesting is the fact that — as far as we’re aware — no one has cracked a 12-character, random 4-class password. I’ve circled that below in red . . . kinda rough . . . I’m no graphic designer, for sure!

Have you heard of this kind of password being cracked out in the wild?

blog.knowbe4.com/password-poli





#passwords #passwordmanagers #complexpasswords #specialcharactersinpasswords #knowbe4

Last updated 3 years ago

Special Characters In Passwords?

Some folks pooh-pooh the use of special characters in passwords.

In 2022 we noticed that the NSA recommended the use of special characters in complex passwords.

The NSA press release, which is about how Cisco network devices store credentials in their configuration files, advises:

"Cisco devices are used globally to secure network infrastructure devices, including across the Department of Defense, National Security Systems, and the Defense Industrial Base. Each device has plaintext configuration files that contain settings that control device behavior, determine how to direct network traffic, and store pre-shared keys and user authentication information. Any credentials within Cisco configuration files could be at risk of compromise if strong password types are not used."

There’s a screen clip from the NSA Information Sheet, page 7 below.
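The “password types” the release refers to are the formats in which Cisco IOS stores a credential in the configuration file. One of them, Type 7, is discussed in the linked NSA sheet as reversible; the post itself does not name it. As an added example (not code from the post, from Cisco or from the NSA), the Python below decodes Type 7 values and scans a constructed config fragment for them, showing why a credential stored that way is exposed to anyone who can read the config, no matter which characters it contains.

```python
import re

# Cisco "Type 7" is an obfuscation, not a hash: a two-digit decimal seed
# followed by hex bytes, each being one plaintext byte XORed with a byte of a
# fixed key that is identical on every device. Anyone holding the config can
# reverse it, whatever characters the password contains.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Matches lines such as "username ops password 7 094F471A1A0A" or
# "enable password 7 ..."; the keyword list is an assumption for the example.
TYPE7_LINE_RE = re.compile(r"\b(?:password|secret|key-string|md5)\s+7\s+([0-9A-Fa-f]{4,})\b")


def type7_decode(encoded: str) -> str:
    """Recover the plaintext from a Type 7 value."""
    if len(encoded) < 4 or len(encoded) % 2:
        raise ValueError("malformed Type 7 value")
    seed = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)] for i, b in enumerate(data))
    return plain.decode("ascii")


def type7_encode(plaintext: str, seed: int = 9) -> str:
    """Inverse of type7_decode. The seed (0..15) is the only thing that varies
    between two encodings of the same password, which is why it is useless as
    a secret."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 0..15")
    data = plaintext.encode("ascii")
    enc = bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)] for i, b in enumerate(data))
    return f"{seed:02d}{enc.hex().upper()}"


def find_type7_credentials(config_text: str) -> list:
    """Return (config line, plaintext) for every Type 7 credential found;
    a config review would flag each one for migration to a hashed type."""
    found = []
    for line in config_text.splitlines():
        m = TYPE7_LINE_RE.search(line)
        if m:
            found.append((line.strip(), type7_decode(m.group(1))))
    return found


# Constructed config fragment for the example (not from any real device);
# the "secret 8" line is a placeholder showing a line the scanner ignores.
SAMPLE_CONFIG = (
    "hostname edge-router\n"
    "enable password 7 094F471A1A0A\n"
    "username netops password 7 " + type7_encode("Sup3r!Secret", seed=5) + "\n"
    "username auditor secret 8 $8$placeholder-not-a-real-hash\n"
)


if __name__ == "__main__":
    for line, plaintext in find_type7_credentials(SAMPLE_CONFIG):
        print(f"{line:45} -> {plaintext!r}")
```

On the device side the fix is to store credentials with Type 8 (PBKDF2 with SHA-256) or Type 9 (scrypt) on IOS releases that support them, for example `username netops algorithm-type sha256 secret ...`, and to remove every `password 7` line. Password complexity only starts to matter once the stored form actually has to be brute-forced.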

Press Release dated February 17, 2022

nsa.gov/Press-Room/Press-Relea
NSA Cybersecurity Information Sheet
media.defense.gov/2022/Feb/17/




#nsa #passwords #specialcharactersinpasswords #complexpasswords

Last updated 3 years ago

“DIGITAL GARLIC” SCARES AWAY HACKERS

Time Management for Hackers

Attackers don’t bother brute-forcing passwords that are long or passwords that contain special characters.

Every one of us — hackers included — only has 24 hours in a day. So how do criminal hackers make the best use of their time when brute-forcing passwords?

Microsoft researcher Ross Bevington analyzed the usernames and passwords hackers entered from over 25 million brute-force attacks.

Here's the breakdown of the passwords attackers actually tried during 30 days of attacks:

➡️​ 6% were longer than 10 characters.
➡️​ 7% included a special character.
➡️​ 39% included a digit.
➡️​ 0% included a space.

In other words, 94% of the guesses were 10 characters or shorter, and only 7% of them contained a special character. Attackers *stayed away* from long guesses and *didn't bother* with special characters.

Probably because of the common habit of tacking a number onto the end of a password, attackers homed in on digits.

But attackers *didn't even attempt* a password containing a space, most likely because spaces in passwords are still fairly uncommon.
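To show what producing a breakdown like Bevington's involves, here is an added example (not Microsoft's code or data) that parses a constructed honeypot log and classifies each attempted password the way the four bullets above do. The log format, the lines and the addresses are invented for the example.

```python
import re
from collections import Counter

# Constructed honeypot log in a simple "timestamp source user password"
# format. These ten lines are invented for the example and are not
# Microsoft's data; a real SSH or RDP honeypot records the same fields.
SAMPLE_LOG = """\
2021-11-01T10:00:01Z 203.0.113.5 root 123456
2021-11-01T10:00:02Z 203.0.113.5 admin admin
2021-11-01T10:00:03Z 203.0.113.5 root password
2021-11-01T10:00:04Z 198.51.100.7 admin P@ssw0rd
2021-11-01T10:00:05Z 198.51.100.7 root Welcome2021
2021-11-01T10:00:06Z 198.51.100.7 user qwerty123
2021-11-01T10:00:07Z 203.0.113.9 root Summer2021!
2021-11-01T10:00:08Z 203.0.113.9 admin letmein
2021-11-01T10:00:09Z 203.0.113.9 root administrator
2021-11-01T10:00:10Z 192.0.2.44 pi raspberry
"""

# The password is the rest of the line, so a guess containing spaces survives parsing.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<user>\S+) (?P<password>.+)$")
# "Special" means anything that is not a letter, digit or whitespace; spaces
# are counted in their own category, as in the Microsoft breakdown.
SPECIAL_RE = re.compile(r"[^A-Za-z0-9\s]")

CATEGORIES = ("over_10_chars", "has_special", "has_digit", "has_space")


def parse_log(text: str) -> list:
    """Parse lines into dicts; malformed lines are skipped rather than fatal."""
    matches = (LINE_RE.match(line) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def classify(password: str) -> dict:
    """Which of the four categories a single guessed password falls into."""
    return {
        "over_10_chars": len(password) > 10,
        "has_special": SPECIAL_RE.search(password) is not None,
        "has_digit": any(ch.isdigit() for ch in password),
        "has_space": " " in password,
    }


def breakdown(passwords) -> dict:
    """Percentage of attempted passwords in each category, rounded to 0.1."""
    passwords = list(passwords)
    total = len(passwords)
    counts = Counter()
    for pw in passwords:
        for name, hit in classify(pw).items():
            counts[name] += int(hit)
    return {name: (round(100.0 * counts[name] / total, 1) if total else 0.0)
            for name in CATEGORIES}


def top_sources(attempts, n: int = 3) -> list:
    """Busiest source addresses, the usual first pivot in an incident review."""
    return Counter(a["src"] for a in attempts).most_common(n)


def analyze(text: str) -> dict:
    attempts = parse_log(text)
    return {
        "attempts": len(attempts),
        "breakdown": breakdown(a["password"] for a in attempts),
        "top_sources": top_sources(attempts),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_LOG), indent=2))
```

On the constructed sample the percentages come out far higher than Microsoft's because ten hand-written lines are not a representative guess list; the point is the classification, which you would run over your own honeypot or failed-login records to see what attackers are trying against you.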

From the article written by Catalin Cimpanu:

"The researchers' findings suggest that longer passwords that include special characters are most likely safe from the vast majority of brute-force attacks, as long as they haven't been leaked online and are part of attackers' brute-forcing dictionaries."

Should we include special characters (including spaces) in our passwords?

Here we have evidence collected by Microsoft at scale from live attacks. It shows that password length and the inclusion of special characters act like digital garlic, keeping the vampires and werewolves at bay — keeping the bad guys away from our online accounts. One caveat: these figures describe online guessing against exposed services, where every attempt costs the attacker time and the guess list has to stay short. They say nothing about offline cracking of a stolen password hash, and no amount of garlic protects a password that has already leaked and sits in the attackers' dictionaries.

How do ordinary consumers get this “digital garlic” in an easy way? They use a Password Manager.

therecord.media/attackers-dont







#passwords #passwordmanagers #complexpasswords #specialcharactersinpasswords #timemanagementforhackers #digitalgarlic #microsoft

Last updated 3 years ago

Hello Fellow Mastodonians!

All Passwords Are Definitely NOT Created Equal.

In 2018 1Password (a highly successful password manager company, valued at $6.8 billion) ran a contest called “How strong should your Master Password be?” The company gave out prizes to the first security researchers who cracked various types of passwords in a carefully constructed contest. They followed that with some additional research of their own.

Important considerations are:
➡️​ "How long does it take to crack my password?" is definitely *not* the right question.
➡️​ "How much does it *cost* to crack my password?" is the right question.
➡️​ The results of their contest apply specifically to the ways 1Password generates, secures and stores passwords.
➡️​ You shouldn’t assume passwords used on other websites are protected the same way.

Below is 1Password’s chart which lists the *least costly* to crack to the *most costly* to crack password types which are created by a password generator, not a human.

☑️​ Three Random Words is the least secure, or least costly to crack, with an estimated cost to the hacker of $4,200. This style of password is frequently recommended by the British National Cyber Security Centre (NCSC), a public-facing entity attached to GCHQ, the British version of the NSA.

☑️​ “Smart Passwords” composed of 19 randomly-chosen upper-case letters, lower-case letters, numbers and special characters were the most secure, or most costly to crack. Password researchers call these "4-class passwords" since they're composed of 4 classes or types of characters.

You can think of these kinds of ultra-strong passwords as *modern* passwords, because their growing popularity is a modern dynamic related to the increasing use of Password Managers, which create millions of them every day. These types of passwords are best suited for use when you don't need to memorize the password, and you don't need to frequently type it on a cellphone. These outrageously strong, modern passwords can be written down and securely stored, or typed just once then stored in your Password Manager.

And in May of 2022, Microsoft Authenticator added a new Password Generator which allows its 75 million users to create strong, unique passwords with different combinations of letters, numbers, and special characters.

Google's Chrome is by far the most popular browser, with at least 7 out of 10 people worldwide using it to access the internet. Chrome's built-in Password Manager automatically produces only one type of password — randomly-generated modern passwords composed of upper-case letters, lower-case letters, and numbers. The user is free to manually add a special character if the website requires it.

Note: The dollar amounts in the chart above take into consideration the techniques and strategies 1Password uses to generate, process and store a master password. We can't assume other websites would store our passwords as securely. Nor would these dollar amounts apply to passwords we humans create on our own, off the top of our heads. Those passwords would be far weaker and much less costly for a hacker to crack.
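The 1Password chart and the KnowBe4 line quoted earlier on this page (“12-character perfectly random 4-class passwords defeat all known guessing/cracking attacks”) rest on the same arithmetic: the size of the space a generator draws from, and how fast and how cheaply an attacker can search it. The added example below (not 1Password's or KnowBe4's code) works that arithmetic for the styles in the chart. The alphabet sizes, the guessing rate, the hourly cost and the 15-character length used for the letters-and-digits row are assumed inputs, which is exactly why the chart's dollar figures do not transfer to other sites.

```python
import math

# Alphabet sizes. 95 = printable ASCII without the space (the usual four-class
# pool); 62 = letters and digits only; 7776 = a standard Diceware word list.
# These are conventional figures assumed for the example, not taken from the
# 1Password chart or the KnowBe4 e-book.
FOUR_CLASS = 95
LETTERS_DIGITS = 62
DICEWARE_WORDS = 7776


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in `length` symbols drawn uniformly from `alphabet_size`
    choices. Only valid for machine-generated passwords; a human-chosen one
    has far less, however long it looks."""
    return length * math.log2(alphabet_size)


def expected_guesses(bits: float) -> float:
    """Average guesses to hit a uniformly random password: half the space."""
    return 2.0 ** (bits - 1)


def cost_to_crack(bits: float, guesses_per_second: float, dollars_per_hour: float) -> float:
    """Expected attacker cost in dollars. Both rates are assumptions the caller
    supplies: guesses_per_second is set by the hash or key-derivation function
    the verifier uses, dollars_per_hour by the hardware the attacker rents."""
    seconds = expected_guesses(bits) / guesses_per_second
    return seconds / 3600.0 * dollars_per_hour


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to search the whole space, the figure behind 'defeats all known attacks'."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def compare_styles(guesses_per_second: float = 1e10, dollars_per_hour: float = 10.0) -> dict:
    """Entropy and expected cost for the password styles the post discusses.
    The 15-character letters-and-digits row stands in for a Chrome-style
    password; that length is an assumed example value."""
    styles = {
        "three random words": entropy_bits(DICEWARE_WORDS, 3),
        "12-char 4-class": entropy_bits(FOUR_CLASS, 12),
        "15-char letters+digits": entropy_bits(LETTERS_DIGITS, 15),
        "19-char 4-class": entropy_bits(FOUR_CLASS, 19),
    }
    return {
        name: {
            "bits": round(bits, 1),
            "cost_usd": cost_to_crack(bits, guesses_per_second, dollars_per_hour),
        }
        for name, bits in styles.items()
    }


if __name__ == "__main__":
    for name, row in compare_styles().items():
        print(f"{name:24} {row['bits']:6.1f} bits   ${row['cost_usd']:,.0f}")
```

Run `compare_styles()` and the rows come out in the same order as the chart. The absolute dollar values track `guesses_per_second`: a slow key-derivation function such as the PBKDF2 1Password applies to master passwords cuts that rate by orders of magnitude compared with a site that stores fast unsalted hashes, which is the reason the note above says the chart's numbers apply only to 1Password's own handling.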

blog.1password.com/cracking-ch





#passwords #1password #passwordmanagers #complexpasswords #specialcharactersinpasswords

Last updated 3 years ago
