Brute-force Password Attacks
Today's GCN Lab Review features a device that automatically cracks passwords on SD memory cards. The device, manufactured by ManTech, uses brute-force techniques to guess every word in the dictionary and then tries random combinations until it hits the password. Strong passwords can slow this process down, but unless there are brute-force protections built into the device, it is only a matter of time before the password is cracked.
This is a good opportunity to point out the brute-force protections that are standard on Kanguru secure USB flash drives. By default, Kanguru Defender and Defender Elite flash drives allow only 6 incorrect attempts before the drive is completely deleted and reformatted using a secure data wipe algorithm. Using Kanguru Administrator Tools, additional security measures can be configured, including:
- Strong password enforcement - password length and content (upper case, lower case, number, special char)
- Force users to change password every 30 or 90 days, or at next login
- Restrict users from using the same password multiple times
- Customize the number of incorrect login attempts that are allowable
- Configurable options for brute-force prevention:
- Automatically delete all data (default)
- Activate time-out period (configurable time period)
- Disable the device until an Administrator unlocks it
These settings can also be remotely managed from anywhere in the world with Kanguru Remote Management Console.