Recent events involving the scraping of personal information from social media sites such as the Facebook Leak and LinkedIn Leak should give us all pause to re-evaluate what we consider to be private information. Once data points such as cellphone number, personal email address, and birthday are collected and released in public data sets there is no way to make the information private again, therefore they should not be used as components of password construction. In accordance with best practice guidance from NIST, a robust cybersecurity strategy includes keeping abreast of the latest breach.
The list of commonly used, compromised, or expected passwords includes passwords obtained from previous breach corpuses, dictionary words, and repetitive or sequential characters. The list includes context-specific words, such as the name of the service, username, and derivatives thereof. –IA-5 AUTHENTICATOR MANAGEMENT NIST SP 800-53, REV. 5
Unlimited Technology offers solutions for each of the functions of the NIST Cyber Security Framework. Our goal is to put you in command of your world by providing you with Insight that informs, Insight that empowers, Automation that quantifies and provides answers real-time and Knowledge that supports and enables compliance. Contact us for more information at Info@utglobal.com.