Your company needs to have a password policy to secure sensitive customer and employee information. The security of your network is only as good as the weakest entry point. In most business networks, the weakest point is weak passwords.
Passwords need to be eight (8) characters or longer with a mix of UPPER and lower case letters, numbers and special characters. Dictionary words and names are not good passwords since those are the first ones tried by cracking software. A password 6 characters long made up of only lower case letters can be cracked in 5 minutes. A password 8 characters long made up of upper and lower case letters, numbers and special characters cannot be cracked in 200 years.
Employees must be trained not to share passwords or to post them near their PC. The best password is useless if it is hidden under the keyboard.
While it may be a pain, you need to lock out accounts when the wrong password is entered 4 or 5 times in a row. Plus, you need to require new passwords every few months.
When installing new equipment or software, you need to replace the factory default user name and password.
Employees need to be warned about emails and phone calls that try to deceive them into providing passwords. They must never provide them to anyone.
Often email passwords are the weakest passwords, but they need to be the strongest. What happens when you forget a password and click on ‘I forgot password’? It gets emailed to you. An identity thief only needs to crack the email password to get many of the others.
Human nature makes the combination of strong passwords, lockout and expiration a problem. Employees are more likely to write down passwords if they are hard to remember, or replaced often. You could teach them these techniques to increase adherence to your policy.
Create a phrase that includes punctuation and numbers. For example: Joe has 3 kids: Mary age 6, Joe age 7 & Mike who is 10. Then use the first letter of each word which results in this strong password: Jh3k:Ma6,Ja7&Mwi1.
Randomly substitute numbers for letters that look similar. The letter “o” becomes the number 0, or “y” becomes “4”. San Francisco becomes 5@nfR@nc15c0.
The employee knows the phrase and the password, but it is not likely anyone else would. Of course, if it becomes common knowledge what system is being used, a thief could research the employees and guess the passwords.
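The rules and the phrase technique above, written as a Python check (an added example, not part of the original article). The word list is a constructed stand-in for a real dictionary, the function names are hypothetical, and the time estimate assumes an exhaustive search at the constant guess rate implied by the "6 lower case letters in 5 minutes" figure.

```python
import string

# Character classes the policy requires, with the symbols each contains.
CLASSES = {
    "lower case letter": string.ascii_lowercase,
    "upper case letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": string.punctuation,
}
# Constructed stand-in for a real dictionary and name list (assumption).
WORDLIST = {"password", "sunshine", "michael", "francisco"}
# Guess rate implied by "6 lower case letters in 5 minutes": about 1 million/s.
IMPLIED_RATE = 26 ** 6 / (5 * 60)


def phrase_to_password(phrase):
    """First character of each word, keeping punctuation that trails it."""
    parts = []
    for word in phrase.split():
        core = word.rstrip(string.punctuation) or word  # "&" stays "&"
        parts.append(word[0] + word[len(core):])
    return "".join(parts)


def policy_violations(password, wordlist=WORDLIST):
    """Return the rules from the article that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for name, symbols in CLASSES.items():
        if not any(c in symbols for c in password):
            problems.append("no " + name)
    if password.lower() in wordlist:
        problems.append("dictionary word or name")
    return problems


def years_to_exhaust(password, guesses_per_second=IMPLIED_RATE):
    """Worst-case time to try every password of this length and alphabet."""
    alphabet = sum(len(s) for s in CLASSES.values()
                   if any(c in s for c in password))
    return alphabet ** len(password) / guesses_per_second / (365.25 * 86400)


if __name__ == "__main__":
    pw = phrase_to_password("Joe has 3 kids: Mary age 6, Joe age 7 & Mike who is 10")
    print(pw, policy_violations(pw), f"{years_to_exhaust(pw):.3g} years")
    print("sunshine", policy_violations("sunshine"))
    print("aB3$efgh", f"{years_to_exhaust('aB3$efgh'):.0f} years")
```

At that implied rate an 8-character password drawn from all four classes takes roughly 190 years to exhaust, which lines up with the article's 200-year figure; the estimate scales inversely with whatever guess rate is assumed.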
Passwords are the keys to the safe; don’t leave them sitting on the desk.