Four Through Seven
By Ericka Chickowski | Posted 2008-04-21
Any security expert will tell you that shoring up user-authentication information is essential to building the foundation of a solid security program. A good way to start is to employ a few of the login and password-management best practices detailed here.
4. Prevent reuse of old passwords.
Make sure users aren’t just reusing the same stable of four or five passwords during regular updates. Also, ensure that the passwords really are new passwords and not just an easily derived variation of the same old password. For example, “password2” is not an acceptable update of “password.”
5. Lay the rules out in a password policy.
Let the users know the ground rules regarding passwords. Set a policy that requires a minimum password length with a minimum number of symbols and numbers, establishes update frequency, and bans bad habits like password sharing and handwritten passwords. Finally, be sure to enforce the policy to make it stick.
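The reuse rule in item 4 and the composition rules in item 5 are easiest to enforce at the one place every password passes through: the change handler. The following Python is an added illustration, not code from the article, showing one way to wire both checks together. All numeric thresholds (12 characters, one digit, one symbol, ten remembered passwords, an edit distance of 2) are assumed values chosen for the example; the article sets no numbers. Old passwords are kept only as salted PBKDF2 hashes, so exact reuse can be detected against the whole history, while the "derived variation" check is run against the current password, which the user must present in plaintext to change it.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field

# Policy values assumed for this example (the article prescribes none).
MIN_LENGTH = 12
MIN_DIGITS = 1
MIN_SYMBOLS = 1
HISTORY_DEPTH = 10           # previous passwords a user may not reuse
MAX_VARIATION_DISTANCE = 2   # edit distance at or below which a "new" password counts as a variation
PBKDF2_ITERATIONS = 100_000  # example value; tune upward for production hardware


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class PasswordRecord:
    salt: bytes
    digest: bytes


@dataclass
class UserAccount:
    current: PasswordRecord
    history: list = field(default_factory=list)  # older records, most recent last


def _new_record(password: str) -> PasswordRecord:
    salt = os.urandom(16)
    return PasswordRecord(salt, _hash(password, salt))


def _matches(record: PasswordRecord, password: str) -> bool:
    return hmac.compare_digest(record.digest, _hash(password, record.salt))


def new_account(password: str) -> UserAccount:
    return UserAccount(current=_new_record(password))


def check_composition(password: str) -> list:
    """Return the policy rules the password breaks (an empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(c.isdigit() for c in password) < MIN_DIGITS:
        problems.append(f"fewer than {MIN_DIGITS} digit(s)")
    if sum(not c.isalnum() and not c.isspace() for c in password) < MIN_SYMBOLS:
        problems.append(f"fewer than {MIN_SYMBOLS} symbol(s)")
    return problems


def _canonical(password: str) -> str:
    """Strip the decorations people add to make an old password look new:
    case, leading/trailing digits and symbols, and common digit-for-letter swaps."""
    p = password.lower()
    p = re.sub(r"^[^a-z]+|[^a-z]+$", "", p)
    return p.translate(str.maketrans("013457$@!", "oleastsai"))


def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_variation(new: str, old: str) -> bool:
    """True when `new` is the same password as `old` apart from cosmetic changes,
    e.g. "password2" or "P@ssw0rd!" against "password"."""
    a, b = _canonical(new), _canonical(old)
    return a == b or _edit_distance(a, b) <= MAX_VARIATION_DISTANCE


def change_password(account: UserAccount, current_password: str, new_password: str) -> list:
    """Validate and apply a change. Returns the rejection reasons; empty means applied."""
    if not _matches(account.current, current_password):
        return ["current password is incorrect"]
    problems = check_composition(new_password)
    if is_variation(new_password, current_password):
        problems.append("new password is a variation of the current one")
    for old in [account.current] + account.history[-HISTORY_DEPTH:]:
        if _matches(old, new_password):
            problems.append(f"password was used within the last {HISTORY_DEPTH} changes")
            break
    if problems:
        return problems
    account.history.append(account.current)
    account.history = account.history[-HISTORY_DEPTH:]
    account.current = _new_record(new_password)
    return []


if __name__ == "__main__":
    acct = new_account("Winter2008!Ski")
    print(change_password(acct, "Winter2008!Ski", "Winter2009!Ski"))   # rejected as a variation
    print(change_password(acct, "Winter2008!Ski", "Orange-Tabby-Cat-42"))  # [] (applied)
```

The variation test deliberately canonicalises before comparing: "Summer2023" and "Summer2024" collapse to the same string, and "P@ssw0rd!" collapses to "password". Because older history entries exist only as hashes, they can be checked for exact reuse but not for near-misses; that is the usual trade-off for not keeping plaintext around.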
6. Invest in password training.
Make your users aware of why they need to follow the policy and offer tips so they can comply easily. Give them guidelines and training on how to develop stronger passwords. Offer advice on coming up with easy-to-remember, strong passwords, such as using the first letter of each word in a favorite catchphrase, while replacing a few letters with numbers.
7. IT staff shouldn’t know users’ passwords.
To some, this may be a no-brainer, but it is oft overlooked and bears repeating. A system should be in place to prevent IT staff from ever knowing user passwords.
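The "system" that keeps passwords away from IT staff is, in practice, a credential store that never holds a password at all, plus a reset path that hands the user a one-time token instead of a password an administrator has typed and therefore knows. The Python below is an added example, not the article's own material; the 15-minute token lifetime and the PBKDF2 iteration count are assumed values. An administrator reading the store sees only a salt and a digest, and the helpdesk path returns a random token whose hash alone is kept.

```python
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass

PBKDF2_ITERATIONS = 100_000  # example value; tune upward for production hardware
RESET_TOKEN_TTL = 15 * 60    # seconds a reset token stays valid (assumed value)


def _derive(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class Credential:
    salt: bytes
    digest: bytes


@dataclass
class PendingReset:
    token_digest: bytes   # hash of the one-time token; the token itself is never stored
    expires_at: float


class CredentialStore:
    """Holds only salted hashes. Nothing here can be turned back into a password,
    so an administrator with full read access to the store still cannot learn one."""

    def __init__(self):
        self._creds = {}
        self._resets = {}

    def set_password(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._creds[user] = Credential(salt, _derive(password, salt))

    def verify(self, user: str, password: str) -> bool:
        cred = self._creds.get(user)
        if cred is None:
            # Run the derivation anyway so an unknown user costs as much as a wrong password.
            _derive(password, b"\x00" * 16)
            return False
        return hmac.compare_digest(cred.digest, _derive(password, cred.salt))

    def begin_reset(self, user: str, now: float = None) -> str:
        """Helpdesk path: the admin triggers a reset and relays the returned one-time
        token to the user out of band. No password passes through the admin's hands."""
        if user not in self._creds:
            raise KeyError(user)
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._resets[user] = PendingReset(
            hashlib.sha256(token.encode()).digest(), now + RESET_TOKEN_TTL
        )
        return token

    def complete_reset(self, user: str, token: str, new_password: str, now: float = None) -> bool:
        """The user redeems the token and picks the new password themselves."""
        pending = self._resets.get(user)
        if pending is None:
            return False
        now = time.time() if now is None else now
        if now > pending.expires_at:
            del self._resets[user]
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(pending.token_digest, presented):
            return False
        del self._resets[user]          # a token is redeemable exactly once
        self.set_password(user, new_password)
        return True

    def export_record(self, user: str) -> dict:
        """What an administrator actually sees when inspecting a user's record."""
        cred = self._creds[user]
        return {"salt": cred.salt.hex(), "digest": cred.digest.hex(),
                "iterations": PBKDF2_ITERATIONS}


if __name__ == "__main__":
    store = CredentialStore()
    store.set_password("alice", "Correct-Horse-Battery-9")
    print(store.export_record("alice"))          # salt and digest only
    token = store.begin_reset("alice")
    print(store.complete_reset("alice", token, "New-Pass-Phrase-77"))  # True
```

The reset token is hashed with plain SHA-256 rather than PBKDF2 because it is 256 bits of fresh randomness and not guessable; the slow KDF is reserved for the human-chosen password. The same pattern applies whether the store is a database table or a directory service: nothing an administrator can read should be reversible into a password.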