Michael Coppola, president of CJIS Solutions, has set out on a personal journey to share his thoughts on one of the most important topics in this day and age, which is internet security.  For this blog’s talking points, he offers his thoughts on modern measures to take regarding advanced authentication and password creation.

Ordinary user practice seems already stringent enough on the matter of security.  Yet, it is not uncommon to hear of beaches, click baits, and spyware from people.  Maybe once upon a time, you have suspected that your user credentials have leaked somehow because of some weird online behavior that you can’t quite put your finger on.

When it comes to accessing something as privileged as Criminal Justice Information, security becomes exponentially more critical.

Advanced Authentication Deciphered

In principle, Advanced Authentication (AA) is a requirement wherein you have to use
“Something You Know” and “Something You Have” to access Criminal Justice Information from any particular device of your choice.  For purposes of accessing Criminal Justice Information, the use of a simple user name and password does not suffice anymore.  Although Mike Coppola admits that the CJIS Security Policy does not require Advanced Authentication at all times, he recommends agencies to adapt it for all levels of access. One must be more receptive to the reality that cybercrimes, identity theft, and the like are growing at an accelerated pace.  More complex security measures should be put in place, on top of the basic username and password requirement.

Along with this, users themselves need to be more competent and proactive as they transition to a more advanced level of security.  It shouldn’t be acceptable to have officers in an agency who cannot adapt to the technology.

Complex Password Requirement

An improved level of competence among users with privileged access means that they should be more conscientious about creating their passwords.  Often, people who don’t take their passwords seriously fall prey to rabid malware attacks.  For instance, there are discreet hacking software applications that are programmed to create variations of a user’s personal data such as his name, date of birth, or even his home address.  Certain spyware creates algorithms for your own key tapping behavior, which brings the bad elements closer to deciphering your password.

The CJIS Security Policy sets several conditions on password creation that aims to prevent breaches from happening.  Examples of these are the use of a word that is not found in the dictionary, the inclusion of a password expiration policy, or the use of a personal identification number.

In closing, Coppola asserts that advanced authentication and stringent password creation can add multiple defense lines against a lot of very persistent and committed online threats out there.  The dark reality is that these threats will always prey on the big fish like Criminal Justice Information.