10 Tips for Better Password Management

Baseline has pulled together well-known and not-so-established login and password management practices, techniques and shortcuts for users and administrators alike. Use these tips to help shore up your company’s practices.

1. Crack your own passwords.

If you want to make sure users are developing strong enough passwords, employ methods similar to those of the bad guys. Consider “pre-cracking” passwords when they are initially established, using a dictionary attack to ensure they are up to snuff before they go into service. If this isn’t feasible, conducting random password audits using tools such as Cain & Abel can at least keep users on their toes.
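One way to apply the "pre-cracking" idea at the moment a password is set, while the plaintext is still available and nothing has to be recovered from a hash. This is an added example, not code from Baseline or from any tool the article names; the function names, the substitution table and the tiny wordlist are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real deployment would load a large dictionary file.
SAMPLE_WORDLIST = {"password", "welcome", "dragon", "baseline", "letmein", "summer"}

# Character substitutions users commonly apply to dictionary words (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Digits and symbols padded onto either end, e.g. "Summer2024!" -> "summer".
PADDING = re.compile(r"^[^a-z]+|[^a-z]+$")


def candidate_forms(password):
    """Yield the base forms that simple dictionary-attack rules would reach."""
    lowered = password.lower()
    stripped = PADDING.sub("", lowered)
    for form in (lowered, stripped,
                 lowered.translate(LEET), stripped.translate(LEET)):
        if form:
            yield form
            yield form[::-1]  # reversed words are a standard mangling rule


def dictionary_match(password, wordlist=SAMPLE_WORDLIST):
    """Return the dictionary word the password reduces to, or None."""
    for form in candidate_forms(password):
        if form in wordlist:
            return form
    return None


def accept_new_password(password, wordlist=SAMPLE_WORDLIST):
    """Gate for the password-change path: (accepted, reason)."""
    word = dictionary_match(password, wordlist)
    if word is not None:
        return False, "reduces to dictionary word '%s'" % word
    return True, "not reachable by the dictionary rules checked"


if __name__ == "__main__":
    # Constructed candidate passwords.
    for pw in ("P@ssw0rd!", "Summer2024!", "drowssap", "Tr1cycle-Harbor-Quill-88"):
        print(pw, accept_new_password(pw))
```

A pass here only means the password survived these few rules and this wordlist, so the check is a floor rather than a strength score.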

2. Ban the use of post-it note password reminders.

No matter how secure your password-management tools or IT password practices are, if user monitors are covered in sticky notes with written passwords, your work is meaningless. Ban this practice and consult with management to ensure that enforcement efforts have teeth.

3. Automate regular password updates.

No password is perfect, especially one that has been around for a long time. Make sure users are changing passwords at least quarterly by automating the process. If you don’t, they probably won’t comply.