Three other agencies contacted by Security Management said they didn’t have an official password policy (and that it was up to the users to make sure they picked secure passwords). Others said they had users change their passwords regularly, but declined to go into detail about past and present policies because of the recent hack.
“There isn’t anything I could or couldn’t do to prevent it [the server being hacked], but we took this opportunity to review our own policies and procedures and security measures because the issue was brought to light. We will be making some changes,” Baxter County Sheriff John Montgomery told Security Management.
In another instance, LulzSec broke into one company after discovering the CEO’s personal email password was the same as his company email password.
“They’re [hacktivists] shining a very big light saying ‘Nobody is safe.’ If you’re dealing with anything that you remotely consider confidential, you need to be thinking about security,” Sverdlove said.
Check out 10 tips for making a hacker-resistant password from Privacy Rights Clearinghouse here.