NATO partners with CyLab to increase password security
Daniel Tkacik
Jun 23, 2016
The North Atlantic Treaty Organization (NATO), with its 28 member nations from both sides of the Atlantic Ocean, strives for peace and stability for its members. In doing so, it deals with a myriad of passwords for its authentication systems, but NATO program manager John Boyd realizes its policies are imperfect.
“We’re giving people mixed messages. We’re telling them to create great, strong passwords, but don’t fall in love with them because you’re going to have to change them again in a few months,” says Boyd. “People end up making bad passwords because they have no incentive to make good ones.”
After studying academic literature on passwords, Boyd began to see a trend in who the players were in the world of password research.
“I had a huge stack of password research reports on my desk, and couldn’t help but notice that several inches worth came from Carnegie Mellon,” Boyd recalls. Boyd began speaking with CyLab researchers, and recently signed on as an official Partner.
“One of our main goals is to understand if and how changing passwords every couple years – as opposed to every couple months – would make our systems more secure,” Boyd says. CyLab researchers Lujo Bauer and Nicolas Christin are among the faculty slated to work with NATO in achieving its goals.
“This project inscribes itself in a larger body of scientific research we have been conducting,” says Christin, a professor of Electrical and Computer Engineering. “This work can have a meaningful impact on administrative policies in large-scale organizations; having such an impact would be very rewarding.”
The idea of changing your password isn’t necessarily new. CyLab faculty member Lorrie Cranor, who is currently on leave serving as Chief Technologist at the Federal Trade Commission, recently recommended in the Tech@FTC blog that people should change their passwords “not as often as you might think.”
Despite experts like Cranor already touting this advice, researchers are still in the midst of proving its accuracy, which is needed for Boyd to implement policy changes at NATO. This is where CyLab’s work in this area will be crucial.