10 Tips for Better Password ManagementBy Ericka Chickowski | Posted 2008-04-21 Email Print
Any security expert will tell you that shoring up user-authentication information is essential to building the foundation of a solid security program. A good way to start is to employ a few of the login and password-management best practices detailed here.
Baseline has culled together well-known and not-so-established login and passowrd management practices, techniques and short cuts for users and administrators alike. Use these tips to help shore up your company’s practices.
1. Crack your own passwords.
If you want to make sure users are developing strong enough passwords, employ methods similar to those of the bad guys. Consider “pre-cracking” passwords when they are initially established, using a dictionary attack to ensure they are up to snuff before they go into service. If this isn’t feasible, conducting random password audits using tools such as Cain & Abel can at least keep users on their toes.
2. Ban the use of post-it note password reminders.
No matter how secure your password-management tools or IT password practices are, if user monitors are covered in sticky notes with written passwords, your work is meaningless. Ban this practice and consult with management to ensure that enforcement efforts have teeth.
3. Automate regular password updates.
No password is perfect, especially one that has been around for a long time. Make sure users are changing passwords at least quarterly by automating the process. If you don’t, they probably won’t comply.