Update: The recently released U.S. National Institute of Standards and Technology (NIST) Digital Identity Guidelines recommend longer passwords. It’s important for security professionals to keep abreast, through their Guardian Support Service, of recommendations that are modified due to advancements in computing power and technologies.
Generally, we (carbon-based lifeforms) are terrible when it comes to selecting a secure password for our computers or software programs. This comes from not being prepared for the inevitable password question when installing new software or setting up new hardware.
We panic and select something that is often far too common or easy to remember, which also means that it will be too easy for a hacker to guess or to “crack”. We tell ourselves, “I’ll come back and change that later, so I’ll just use one that is easy to remember for now,” but we seldom remember to do so. Nobody said that effective credentials management was convenient, but it beats the inconvenience of being hacked!
Consider doing the following:
Consider avoiding the following:
Using a Password Manager
For users with large numbers of passwords to manage, there are commercial solutions available that will store and manage your password library. Depending on the selected vendor, these managers store your passwords for you and automatically fill out your log-in forms. Preferably, choose offline versions of such password management programs; if the convenience of online synchronization features is important to you, make sure you change passwords frequently and have a plan in case the program vendor’s database is somehow compromised by hackers.
Remove Default Passwords
If you use software that is delivered or installed with “default” passwords, disable or delete those passwords, or change them to something other than what was delivered with the system, as soon as possible.
Industrial Control Systems also rely on user credentials, and similar recommendations apply to those passwords. For DeltaV systems, the DeltaV Security Manual provides guidance on password complexity, default passwords, expiration period and prompt, as well as password reuse.
Contact your local Emerson Sales or Service Representative and request the latest DeltaV Security Manual, an important cybersecurity manual, for the full “best practice” security recommendations for DeltaV process control systems. It is also available under the Resources page within the Guardian Support web portal.
From Jim: You can also connect and interact with other cybersecurity experts in the Operate & Maintain, DeltaV and Ovation groups in the Emerson Exchange 365 community.
The post DeltaV Secure Passwords: The Do’s and Don’ts appeared first on the Emerson Automation Experts blog.