Password protection key to information security

  • Published
  • By Master Sgt. James M. Howard
  • 90th Communications Squadron
Vulnerability, according to Webster's dictionary, means susceptible to attack. In relation to Air Force information systems, our goal is to identify and eliminate all vulnerabilities. The longer they go undetected, the greater the chance of an attack.

Everyone in the Air Force, in one way or another, relies on protection of sensitive information in automated information systems. Information attacks can severely hamper or even halt daily operations. Consider how effective you would be if your system were down for a day or even a week. Your job as a user is to prevent system vulnerabilities through password protection.

As a user, you are the one authorized to access the information system. You have completed required training, in some instances passed the background check, and have been deemed trustworthy to access the information system and all of its data. It is now your responsibility to safeguard the system by preventing access by unauthorized users.

How do you do that? By following one of the most basic fundamentals: proper password protection.

When you were granted access to the system, you were given a user identification and you had to supply a password. Your user ID is generally known to those around you, but your password is not.

You had to comply with several requirements for your password and you couldn't make it a simple dictionary word, for good reason. Dictionary words are part of the hacker's host of software tools for cracking your password.

Your password unlocks the door to a database which, if manipulated or destroyed, could devastate operational capability and adversely affect information systems across the Air Force. It is your responsibility to prevent someone else from using it.

To ensure you are effectively protecting your password, here are some guidelines from Air Force Manual 33-223, Identification and Authentication:

* Use passwords with at least eight alphanumeric characters (upper and lower case) with at least one special character (@, &, +, etc.).

* Never make a password related to your personal identity, history or environment.

* Change passwords every 90 days.

* Memorize your password. Don't place passwords on desks, walls or sides of terminals, or store them in a function key, login script or communications software.

* Don't share your password.

Password protection is a key element in assuring network and information security.