Eight Through TenBy Ericka Chickowski | Posted 2008-04-21 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Any security expert will tell you that shoring up user-authentication information is essential to building the foundation of a solid security program. A good way to start is to employ a few of the login and password-management best practices detailed here.
8. Never store passwords in cleartext.
Password storage should always be encrypted.
9. Synchronize passwords judiciously.
Password synchronization can make it easier on users by enabling them to use one or two passwords for a myriad of systems. But leveraging synchronization puts an organization at greater risk to a network attack if that password is compromised. Strong passwords are absolutely mandatory, and insecure systems that use little or no cryptography should not be included in password synchronization.
10. Take advantage of another form of authentication.
Selecting another method of authentication, such as biometrics, tokens and additional shared secrets, is a great way to augment the imperfect password system. Though these methods cost more, they are well worth it for high-risk systems. At the very least, taking advantage of shared secrets (such as a question-response system) can be a good way to automate a password-reset system to take the burden from the help desk.