September 3, 2008
Improving information security
Imagine that your password to get onto the Laboratory's computer network was available to someone outside the Lab. In order to ensure that Laboratory passwords are not viewed while being transmitted, the National Nuclear Security Administration now requires the use of encrypted passwords.
Unencrypted passwords, also known as clear-text passwords, may cross the network "in the clear" and create a security vulnerability, according to Dave Belangia of Information Systems and Technology (IST) Division. Encryption uses cryptography to scramble the password making the transmission of information more secure. For secure e-mail services, unencrypted passwords will not be accepted after September 30, Belangia emphasized.
Employees can follow specific step-by-step instructions for Information Architecture-supported Windows, Mac, or Linux e-mail to change preferences.
The Lab's network security improves by encrypting passwords and ensuring that passwords comply with Lab policy, according to Belangia. Although not required at this time, using a one-time pass code (generated by a Laboratory CRYPTOcard) wherever possible or practical does even more to improve the Laboratory's network security, Belangia added.
Employees also are reminded that their password(s) need to be changed at least every six months and must contain at least eight characters and at least three of the following four elements: English uppercase letters (A, B, C), English lowercase letters (a, b, c), Arabic numerals (1, 2, 3), and non-alphanumeric characters (!, <, #, $).