I was really excited last Wednesday to deliver another All Staff IT presentation .. first, because I enjoy presenting .. second, because it was an important topic .. and third because it marked the start of a new monthly "IT Spotlight" at our All Staff meetings .. w00t!
So in 15 minutes I tried to raise awareness of why passwords are so critically important ... and also to announce to our staff that we were starting a global password change that very day.
Our new password (aka passphrase) guidelines:
- 11 characters or more
- be a phrase ... should be fun to type, easy to remember, hard for others to guess
- should have nothing to do with info most poor passwords include, such as: family names, important dates (bdays, anniv), pet names, nicknames, hobbies, sports teams
- your GCC passphrase should be unique to GCC only ... not something you will use at any other site on the internet ... including Fellowship One
- never share your passphrase with ANYONE ... period! Your passphrase is YOUR passphrase
- We will require passphrase changes each summer ... industry standard is 30-45 days so once a year is a good compromise :-)
I've included the streaming audio below for your listening enjoyment. The audio isn't great, but it's acceptable. I'm working to get the audio transcribed as well for future publishing.
There's of course much more I would like to have included, but that's all the time I had this month ... I may do some follow-up next month.
What's been fun is listening to all the staff excited about what they've changed their passphrase to! I've many times heard comments like, "I wish I could tell you my passphrase because it's so clever!" I'd call that good 'buy in'. :-)
If you haven't heard my prior All Staff IT Best Practices presentation you can get it here
And for more info about the recent Twitter hack go here
You can also download the audio here
I'd love to see that transcript!
Posted by: TonyDye | September 05, 2009 at 12:59 PM
The meeting was a hoot, Jason. A whole new side of you I hadn't seen. Your coolness factor was already up there. Now? It's in the clouds. :)
One thing to add: if I had a nickel for every time I've typed my old password first over the last week, I could retire!
Posted by: Jeff Bell | September 08, 2009 at 11:27 PM
Thanks for the feedback Jeff :-)
Tony - I need to see if the gal that did the podcast would be up to transcribing it.
Posted by: Jason Powell | September 11, 2009 at 01:21 PM
Great job as usual. If I had 1/2 your talent, I'd quit my day job.
Maybe your next contest should be some sort of password cracking contest to see who actively uses the password that takes the longest for L0phtCrack to decipher. You'll have to come up with a cool name for the contest (The Safest User?). This might help motivate other churches to take the step you did in getting user buy-in to help secure systems. http://www.l0phtcrack.com/
We installed Password Safe on all of our 650+ client systems, so our users have a place to manage their many usernames/passwords. Might be something to consider, and keeps people from creating unsecured lists. They can use the same product at home and secure their personal systems. http://passwordsafe.sourceforge.net/
Posted by: Alan Hunt | September 15, 2009 at 09:59 AM