DoD to require passwords to be changed every day, use at least 27 different letters
FORT MEADE, Md. – The Pentagon has announced new password requirements to beef up security on all DoD networks, Duffel Blog has learned.
According to a recent memo, the DoD has made it a top priority to protect members’ Personally Identifiable Information (PII) by using the following requirements:
- Passwords must be at least 54 characters but not more than 56 characters long
- 27 characters must be non-repeating letters
- 19 characters must be numbers that cannot repeat, be odd, or be even
- The time allowed to enter the password is between 3 and 5.7 seconds
- The password must be entered at high tide
- Users will be required to reset their password after one correct attempt
The changes were recommended by the National Security Agency in the wake of numerous recent cyber-attacks on the Office of Personnel Management, the Democratic National Committee, and other high-profile organizations, sources confirmed.
“These hackers represent a clear and present danger to the security of the United States," said a source with NSA's Security, Hacking, and Information Technology (SHIT) division, who wished to refer to himself as Jack Ryan despite his actual name not being operationally sensitive in any possible way.
“Our goal is to make it practically impossible for someone to gain access to a government employee’s PII. If that means the employee has difficulty accessing it, that’s simply the price of doing business in the current cyber threat environment.”
Several SHIT specialists have cast doubt on the efficacy of this measure.
“I pointed out several times that these requirements literally make it impossible to create an acceptable password," said Capt. Tom Garrison, the only end-user and non-civilian working in the SHIT office. “They told me to contact the help desk for assistance.”
Despite concerns, the NSA is claiming victory over enemy hackers, and a spokesperson confirmed that the security upgrade is in the final stages of testing.
"There have been no successful accesses of any system equipped with the new password requirements," the spokesperson said.
Sources say all DoD users should expect the required password change to take place the morning that a very important PowerPoint presentation is due.