
ETAIROS HVAC COMPUTER PASSWORD POLICY





Every password you use can be thought of as a needle hiding in a haystack. After all searches of information relating personally to you (wife’s name, kid’s name, birthdays, etc.), common passwords, and dictionaries have failed, an attacker must then resort to a “brute force” search – ultimately trying every possible combination of letters, numbers and then symbols until the combination you chose is discovered. How long this “brute force” attack takes to crack your password is a very simple product of exponential math. Short passwords crack very fast, and long passwords can take so long to crack that none of us would be around for it to matter anyway. Every character you add to your password makes it take exponentially longer to crack.
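The exponential growth described above, worked through as an added example (not part of the original policy). It assumes the 95 printable ASCII characters as the full alphabet and the 1,000 guesses per second used for the passphrase in item 2 of the policy below; the function names are illustrative.

```python
import string

# Character classes over printable ASCII (95 characters in total).
CLASSES = {
    "lower": (set(string.ascii_lowercase), 26),
    "upper": (set(string.ascii_uppercase), 26),
    "digit": (set(string.digits), 10),
    "symbol": (set(string.punctuation + " "), 33),
}

def alphabet_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    present = set(password)
    return sum(size for chars, size in CLASSES.values() if present & chars)

def search_space(length, alphabet):
    """Number of candidates of every length from 1 up to `length` (worst case)."""
    return sum(alphabet ** k for k in range(1, length + 1))

def centuries_to_exhaust(password, guesses_per_second=1000):
    """Worst-case time to try every candidate, in centuries."""
    space = search_space(len(password), alphabet_size(password))
    return space / guesses_per_second / (100 * 365.25 * 24 * 3600)

def growth_table(alphabet=95, lengths=(8, 12, 16, 24), guesses_per_second=1000):
    """(length, worst-case years) pairs showing what each added character buys."""
    year = 365.25 * 24 * 3600
    return [(n, search_space(n, alphabet) / guesses_per_second / year)
            for n in lengths]

if __name__ == "__main__":
    for n, years in growth_table():
        print(f"{n:2d} characters: {years:.3g} years")
    # The passphrase from item 2 of the policy: 24 characters, all four classes.
    print(f"{centuries_to_exhaust('$torm_Tr00pers=BadSHOTS!'):.3g} centuries")
```

Going from 8 to 12 characters multiplies the worst-case search time by about 95 to the fourth power, roughly 81 million.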

 

Updates to Etairos HVAC company password policy:

 

  1. All employee passwords, used for company purposes, must be at least 12 characters in length and unique. Do not re-use the same password on multiple services/systems.

    1. Our network/VPN will enforce the full 12-character length.

    2. While Office 365 will not enforce the full 12-character length, company policy still dictates it, and we are all expected to comply.

  2. All employee passwords must be ‘Strong’. Strong passwords consist of a combination of uppercase and lowercase letters, numbers, and special symbols, such as punctuation, and should be at least 12 characters long.

    1. Our systems try to prevent the use of weak passwords, but they do not know us ‘personally’. Even if our systems accept a weak password, it is our personal responsibility to make sure the password is ‘Strong’ and meets this policy.

    2. Don’t think of a password as a single word. Consider using a passphrase. The whole point of using passphrases is to adopt a much more you-friendly approach to password design.

    3. For example, the passphrase $torm_Tr00pers=BadSHOTS! is 24 characters long, easy to remember, contains upper- and lower-case letters, numbers, and special characters, and would take 93.83 billion trillion trillion centuries to crack (assuming 1,000 guesses per second). Note that typical attacks will be online password guessing limited to, at most, a few hundred guesses per second.

  3. Your network/VPN password must be different than your Office 365 password. This is to ensure that if you get hacked on one system, that same password can’t be used to access our other systems.

  4. Do not use any password that you have established for company use on non-company or personal websites. It is impossible for us to determine the security of every website a person may use. If a company password is used on an insecure site and gets stolen, that may open the door to a company asset being hacked.

  5. Due to these new policies, we are changing both Office 365 and our network/VPN to only require you to change your passwords every 190 days.

  6. When changing your password, the change must be substantial. Only changing 1 or 2 characters or increasing a number by 1 defeats the whole purpose of changing it.

  7. No policy can dictate every aspect of common sense. It is our company policy that everyone does everything they can to prevent unauthorized access to their company laptop, cell phone, our network/VPN, our Office 365, and any other company IT asset/service.

    1. Your password should not contain any information that is related to you or your family personally.

    2. Your cell phone should have at least a 6-digit passcode to lock it and preferably Face ID (or equivalent, to make it easier on you) to prevent unauthorized use. Your cell phone should be configured for the screen to lock within a reasonable amount of time; otherwise the protection is never engaged.

    3. Always be mindful of where your laptop is. Do not leave it in the office, on a jobsite, or in your car where it could get stolen. Your laptop should also be configured for the screen to lock within a reasonable amount of time so that it is also protected.

    4. Do not share any company passwords with anyone else. This is just like each of us having our own individual alarm code that is also not to be shared.

    5. Anytime there is a security breach of any type, the IT department is required to investigate and report any findings to upper management. Please make sure you have done your part in following this policy.
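One way to check a candidate password against items 1, 2, 3, 6 and 7.1 above, as an added example rather than a tool the company uses. The three-character minimum change and the `personal_terms` list are assumptions made for illustration.

```python
import string

MIN_LENGTH = 12   # items 1 and 2 of the policy
MIN_CHANGE = 3    # assumption: item 6 rules out changes of only 1 or 2 characters

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def policy_violations(new, old=None, other_system=None, personal_terms=()):
    """Return the policy items `new` fails; an empty list means compliant."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "special symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in new):
            problems.append(f"no {name}")
    # Item 3: network/VPN and Office 365 passwords must differ.
    if other_system is not None and new == other_system:
        problems.append("same as the password on the other system")
    # Item 6: bumping a digit or swapping a character or two is not a real change.
    if old is not None and edit_distance(old, new) < MIN_CHANGE:
        problems.append("change from the previous password is not substantial")
    # Item 7.1: names, birthdays and similar terms (hypothetical list per user).
    if any(t and t.lower() in new.lower() for t in personal_terms):
        problems.append("contains personal information")
    return problems

if __name__ == "__main__":
    # Constructed sample: a compliant password with only its year incremented.
    print(policy_violations("Winter-Heating2024!", old="Winter-Heating2023!"))
```

The comparison with the old password is meant to run at change time, when the user types both; nothing here requires storing passwords in plaintext.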

 

Please consult this website for more information and help:

 

https://cybernews.com/best-password-managers/how-to-create-a-strong-password/

 

It is full of correct and valuable information. If you follow the advice on this website, you will absolutely be in compliance with both common sense and company policy. It presents multiple strategies and ideas to help you protect both company and even your personal best interests. Please feel free to pick a strategy that will work the best for you. Kevin and I are also here to help you in any way that we can. These strong password strategies can be customized to fit anyone’s personality and interests. This is not something that has to be overly hard or difficult.