Creating a Secure Password Policy
Consider the following tactics for creating secure passwords:
• Set a policy that access to all personal computers requires a password. Most experts suggest changing passwords regularly. I don’t see the point if you use the rest of these tactics.
• Strictly prohibit users from giving others their password. Create guest accounts with very limited capability for casual users or visitors.
• Permit passwords that are simple to remember, but not the company name, the user name, or any other password that a colleague could easily guess. The most common passwords are admin and password. Most passwords are the names of pets, sports teams, children, and family members.
• Lock out a user name after four sequential failed attempts to prevent password cracking attacks.
• For network access, only permit a user name to be logged on in one location. This enforces not sharing user names.
• Use complex passwords for your servers and critical computers. Better yet, use stronger, two-factor authentication.
• Train users to create complex passwords that they can remember but that are hard to crack.
• Train users to choose different user names and passwords for external systems and Web sites to prevent internal access information from being accidentally disclosed.
• You may choose to require that laptops have complex passwords at startup, securing the data if the computer is stolen.
• Use a screen-blanking screen saver with a simple password (one comes with Windows) to secure an unoccupied computer from an inside attacker. While rebooting easily defeats a screen saver, the attacker will have to re-log on to the computer with a password. A blank screen saves energy and makes the computer appear to be off, further deterring internal attack.
• A computer that’s off is quite secure, so switch off workstations on weekends and holidays. Consider shutting them down at night. (This doesn’t apply to corporate servers.) Most experts now agree that turning off a PC extends its life and delivers a 60 percent energy savings. The concern about damage on power-up just isn’t valid.
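
Three of the rules above (no easily guessed passwords, lockout after four sequential failed attempts, one logon location per user name) can be enforced in code. The following is an added example, not part of the original article; `password_rejections`, `LoginGate`, the `personal_terms` input and the result strings are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass, field

COMMON_PASSWORDS = {"admin", "password"}  # the two the article names
MAX_FAILED_ATTEMPTS = 4                   # lockout threshold from the article


def password_rejections(password, user_name, company_name, personal_terms=()):
    """Return the reasons a candidate password breaks the policy (empty list = accepted)."""
    lowered = password.lower()
    reasons = []
    if lowered in COMMON_PASSWORDS:
        reasons.append("common password")
    for label, term in (("user name", user_name), ("company name", company_name)):
        if term and term.lower() in lowered:
            reasons.append(f"contains {label}")
    # personal_terms: pet, team, child and family names known for this user (assumed input)
    if any(t and t.lower() in lowered for t in personal_terms):
        reasons.append("contains easily guessed personal name")
    return reasons


@dataclass
class LoginGate:
    """Tracks sequential failures and the single permitted session per user name."""
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)
    sessions: dict = field(default_factory=dict)  # user name -> location

    def attempt(self, user_name, password_ok, location):
        # Check the lock first so a locked name cannot keep guessing.
        if user_name in self.locked:
            return "locked"
        if not password_ok:
            count = self.failures.get(user_name, 0) + 1
            self.failures[user_name] = count
            if count >= MAX_FAILED_ATTEMPTS:
                self.locked.add(user_name)
                return "locked"
            return "denied"
        self.failures[user_name] = 0  # a success breaks the failure sequence
        active = self.sessions.get(user_name)
        if active is not None and active != location:
            return "already logged on elsewhere"
        self.sessions[user_name] = location
        return "granted"

    def logoff(self, user_name):
        self.sessions.pop(user_name, None)
```

The caller verifies the password itself and passes the outcome as `password_ok`; unlocking a locked name is left to an administrator and is not modelled here.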