Content in this post includes recommendations and suggestions for password creation and management as well as information on training materials available to the GW community. This resource guide is presented as part of the Cybersecurity is a Shared Responsibility awareness campaign. The GW IT Security team provides these posts to support increased awareness and knowledge across all stakeholder groups. The principle the posts follow is that cybersecurity is a shared responsibility for all users. Suggestions on content, areas of focus, or to arrange team training should be directed to infoec@gwu.edu.
Persistent cyber-attacks target personal, organizational, and system accounts. The resources and training modules below are designed for various technical knowledge levels. Some resources including some training modules may require access to restricted content. Access restrictions for any sites requiring access will be noted. External links to sites not controlled by GW will also be noted with an external link notation. Details on organizations providing the external materials are listed at the bottom of this article in the event you are not familiar with the acronym or function.
Password Strength and Complexity Resources, Articles, and Guidance
Increased understanding of the need for strong and complex passwords as well as emerging security technologies is critical to ensuring your data and access to your systems and services are secure.
- Strong, Secure Passwords Are Key to Helping Reduce Risk to Your Organization – External Content Hosted by SANS
- Create and use strong passwords - External Content Hosted by Microsoft Corporation Support
- Choosing and Protecting Passwords – External Content Hosted by CISA
- NIST’s New Password Rule Book: Updated Guidelines Offer Benefits and Risk – External Content Hosted by ISACA
- Ultimate guide to managing your passwords - External Content Hosted by The Washington Post
Password Managers
Password managers are applications used to store passwords. Generally, provide a convenient place to store all of your passwords, requiring you only remember the password manager master password. These solutions can be installed on devices, access through cloud services, and/or integrated into web browsers. They provide convenience of only remembering one password to access a tool that contains all of your unique passwords.
The Best Password Managers for 2023 | PCMag – External Content Hosted by PCMag
Training Modules
The following modules are available to faculty and staff through GW’s Talent@GW system. Search for training titles in the Learning -> Browse for Training menu after logging into Talent@GW. Managers can assign training to staff through the Talent@GW system as well.
Creating Strong Passwords - Security Awareness Training
- Audience – Introductory Level of Technical Knowledge
- Talent@GW Search Term - Password Security
- Content Provider and Location: KnowBe4 Module Accessed Through Talent@GW
Privileged User Security Series: Privileged Access (8 minutes)
- Audience – Intermediate Level of Technical Knowledge Required
- Talent@GW Search Term -Privileged Access
- Content Provider and Location: KnowBe4 Module Accessed Through Talent@GW
Privileged User Security Series: Secure Windows Administration (15 minutes)
- Audience – Intermediate to Advanced Level of Technical Knowledge Required
- Talent@GW Search Term - Secure Windows Administration
- Content Provider and Location: KnowBe4 Module Accessed Through Talent@GW
Privileged User Security Series: Secure Linux Administration (15 minutes)
- Audience – Intermediate to Advanced Level of Technical Knowledge Required
- Talent@GW Search Term - Secure Linux Administration
- Content Provider and Location: KnowBe4 Module Accessed Through Talent@GW
Privileged User Security Series: Secure Database Administration (15 minutes)
- Audience – Intermediate to Advanced Level of Technical Knowledge Required
- Talent@GW Search Term - Secure Database Administration
- Content Provider and Location: KnowBe4 Module Accessed Through Talent@GW
Securing Windows Server 2016: Managing Privileged Identities (1 hour 7 minutes)
- Audience – Advanced Level of Technical Knowledge Required
- Talent@GW Search Term – Server 2016
- Content: LinkedIn Learning Module Accessed Through Talent@GW
Securing Windows Server 2016: Server Hardening Solutions
- Audience – Advanced Level of Technical Knowledge Required
- Talent@GW Search Term – Server 2016
- Content: LinkedIn Learning Module Accessed Through Talent@GW
Securing Windows Server 2019
- Audience – Advanced Level of Technical Knowledge Required
- Talent@GW Search Term – Server 2019
- Content: LinkedIn Learning Module Accessed Through Talent@GW
Password Guidance and Reference Materials Sources and Organizations
CISA https://www.cisa.gov/ - CISA is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. We are designed for collaboration and partnership. Learn about our layered mission to reduce risk to the nation’s cyber and physical infrastructure.
ISACA https://www.isaca.org/about-us - As a globally recognized leader in IS/IT for over 50 years, ISACA is a professional membership organization committed to the advancement of digital trust by empowering IS/IT professionals to grow their skills and knowledge in audit, cybersecurity emerging tech and more.
SANS https://sans.org launched in 1989 as a cooperative for information security thought leadership, it is SANS’ ongoing mission to empower cyber security professionals with the practical skills and knowledge they need to make our world a safer place.
Additonal Resources
National Cybersecurity Alliance https://staysafeonline.org/ - Provides ongoing cybersecurity information and tips. They provide coordination and content as part of the annual Cybersecurity Awareness Campaign. Personal online safety information is available: https://staysafeonline.org/resources/online-safety-privacy-basics/
Federal Trade Commission https;//ftc.gov - FTC also has consumer focused awareness info for Identity Theft and Online Security (https://consumer.ftc.gov/identity-theft-and-online-security) as well as Scams https://consumer.ftc.gov/scams).
