Secure Business Password Management

Your company needs to have a password policy to secure sensitive customer and employee information. The security of your network is only as good as the weakest entry point. The weakest point in most business networks are weak passwords.

Passwords need to be eight (8) characters or longer with a mixer of UPPER and lower case letters, numbers and special characters. Dictionary words and names are not good passwords since those are the first ones tried by cracking software. A password 6 characters long made up with only lower case letters can be cracked in 5 minutes. A password 8 characters long made up with upper and lower case letters, numbers and special characters cannot be cracked in 200 years.

Employees must be trained not to share passwords or to post them near their PC. The best password is useless if it is hidden under the keyboard.

While it may be a pain, you need to lockout accounts when the wrong password is entered 4 or 5 times in a row. Plus, you need to require new passwords every few months.

When installing new equipment or software, you need to replace the factory default user name and password.

Employees need to be warned about emails and phone calls that try to deceive them into providing passwords. They must never provide them to anyone.

Often email passwords are the weakest passwords, but they need to be the strongest. What happens when you forget a password and click on ‘I forgot password’? It gets emailed to you. An Identity Thief only needs to crack the email password to get many of the others.

Human nature makes the combination of strong passwords, lockout and expiration a problem. Employees are more likely to write down passwords if they are hard to remember, or replaced often. You could teach them these techniques to increase adherence to your policy.

Create a phase that includes punctuation and numbers. For example: Joe has 3 kids: Mary age 6, Joe age 7 & Mike who is 10. Then use the first letter of each word which results in this strong password: Jh3k:Ma6,Ja7&Mwi1.

Randomly substitute numbers for letters that look similar. The letter “o” becomes the number 0, or “y” becomes “4”. San Francisco becomes 5@nfR@nc15c0.

The employee knows the phase and the password, but it is not likely anyone else would. Of course if it becomes common knowledge what system is being used, a thief could research the employees and guess the passwords.

Passwords are the keys to the safe, don’t leave them setting on the desk.

Advertisements

About Bruce Demarest

Bruce Demarest is a Identity Theft Protection Specialist. He has designed and taught classes to educate individuals and businesses in identity theft risk management. The individuals have learned how to continuously monitor their financial identities from credit fraud, plus how to monitor their personal identifying information for unauthorized use. His business clients have become compliant with the federal & state privacy laws. He has conducted information security audits to identify their potential problems and has designed security policies, programs, and practices to address those problem areas.
This entry was posted in Business Identity Theft, Identity Theft Protection and tagged , , , , , , , , . Bookmark the permalink.

3 Responses to Secure Business Password Management

  1. Pingback: Business Culture of Security: Do you audit your vendors? | Bruce Demarest Creating Cultures of Security

  2. Pingback: 10 Tips for Protecting Your Identity in 2012 | Bruce Demarest Creating Cultures of Security

  3. Pingback: Do you use the same login & password for all accounts? | Bruce Demarest Creating Cultures of Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s