The National Computer Security Agency (ANSI) published a list of recommendations on Sunday to defend against password attacks.
According to the agency, hackers employ many techniques to crack their victims' passwords, sometimes using free tools available on the Internet. The common attacks are brute force (guessing the password by trying millions of possibilities, using dictionaries), interception (capturing data sent in clear over unsecured networks), social engineering (trapping users through social engineering techniques), and keyloggers (the use of keyloggers to obtain passwords).
To defend against these attacks, ANSI recommends forbidding passwords that are simple and easy to guess, stating that a strong password should consist of 8 to 12 characters of different types (letters, numbers, symbols). Implementing password management rules is strongly recommended.
In addition, the Agency considers using the same password for a long period and for all accounts to be a bad practice among workers, and recommends changing access credentials periodically and setting complexity rules that passwords must respect.
It further pointed out that information systems administrators are not safe from password attacks, and that the impact of such an attack on the security of computer systems can be severe. Accordingly, the instructions for defining administrator passwords must be tightened, and the frequency with which they are changed increased.
Once the password management policy is in place, ANSI recommends that you constantly monitor the application of this policy. Such monitoring can reveal potential flaws linked to non-compliance with instructions.