East Kingdom Webministry Announces Password Policy Changes
To the populace of the East,
On July 1st, East Kingdom Webministry will be implementing a stricter password policy. From that date forward, all passwords will need to be a minimum of 12 characters in length. Also beginning on July 1st, we will be checking for known compromised account credentials on all new East Kingdom member accounts and on password changes for existing accounts.
At a later date we will start proactively checking existing accounts and requiring password changes for any passwords found to be compromised. As always, the best guidance is to use long, memorable, and unique passwords for each separate online account you have.
Questions:
- How can I remember and manage long, memorable, and unique passwords across all the places I have to log in to things?
- East Kingdom Webministry strongly recommends the use of a password manager, such as LastPass, Bitwarden, KeePass, or 1Password. These utilities can help you create, safely store, and manage unique passwords for each website and account that you use. Web browsers also offer tools to remember and manage passwords, but dedicated password managers offer advantages in creating and safely storing secure passwords and in cross-device and cross-application functionality.
- If you are checking the password I enter, don’t you know my password? If you are checking it with an online dataset, don’t they get my password?
- No. Before your password is collected and checked, it goes through a transformation known as a one-way hash. This creates a new text string from your password, and that string cannot be reversed to your original password. This new string is what is used for the checking. If this new string matches, we can say that your password is compromised. If this new string does not match, then you are good to go, and no one can tell what your original password is. East Kingdom Webministry does not know your password, and will never ask for it from you.
- Why? Why are you even doing this? Why does it matter? Why are you making things harder for me?
- There are many reasons to ensure accounts remain secure. At a minimum, officers often have access to important data and systems, and keeping these secured benefits everyone. Shorter passwords and reused passwords are more susceptible to being compromised.
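
The hashed check described in the second answer above, together with the 12-character minimum, shown as an added example that is not East Kingdom Webministry's own code. The announcement does not name the hash or the dataset, so SHA-1, the five-character prefix lookup (which sends even less than the full hash) and the `range_lookup` helper are assumptions, and the breach list is constructed sample data.

```python
import hashlib

MIN_LENGTH = 12  # minimum length stated in the announcement

def sha1_hex(password: str) -> str:
    """One-way hash of the password (SHA-1 is an assumption, see lead-in)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed stand-in for a breach dataset: it stores hashes, never passwords.
BREACHED_HASHES = {sha1_hex(p) for p in ("password1234", "qwertyuiop12", "letmein")}

QUERIES_SENT = []  # everything that "leaves" the site, recorded for inspection

def range_lookup(prefix: str) -> set:
    """Hypothetical dataset lookup: suffixes of breached hashes with this prefix."""
    QUERIES_SENT.append(prefix)
    return {h[len(prefix):] for h in BREACHED_HASHES if h.startswith(prefix)}

def check_password(password: str) -> list:
    """Return the policy problems for a candidate password (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    digest = sha1_hex(password)
    # Only the first 5 hex characters are sent; the match is decided locally.
    if digest[5:] in range_lookup(digest[:5]):
        problems.append("compromised")
    return problems

if __name__ == "__main__":
    for candidate in ("letmein", "password1234", "correct horse battery staple"):
        print(repr(candidate), check_password(candidate) or "accepted")
    print("sent to dataset:", QUERIES_SENT)
```

A password can meet the length rule and still be rejected, which is why the two checks are reported separately.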
