2008.7 September - Password Control

Submitted by Admin on Wed, 27/08/2008 - 11:39

Passwords are used to control user access to information and to prevent unauthorized use of resources. They are a necessary part of business today, and should be under careful control.

We are always surprised by the cavalier approach most businesses have toward passwords. Most passwords in use are dictionary words, easily remembered, and just as easily discovered by a third party if they know anything about the individual and their personal interests. We regularly have to block attempts to log into our servers using lists of popular passwords.

Passwords should not be taken lightly. Most software has the ability to reject weak passwords, and rules should be established. If you can, require that passwords be at least 8 characters with a mixture of upper and lower case, and at least one numeral.
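One way to enforce the rule above while also catching the dictionary-word and personal-interest passwords described earlier, as an added example that is not part of the original article. The `check_password` name, the small word list and the sample inputs are assumptions constructed for illustration.

```python
import re

# Constructed sample denylist (assumption); a real deployment would load a
# much larger list of popular passwords and dictionary words.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "monkey", "summer"}

# Undo common character substitutions before comparing against the word list.
LEET = str.maketrans("0134579@$!", "oleastgasi")


def normalize(password):
    """Lower-case, drop leading/trailing digits, then undo substitutions."""
    core = re.sub(r"^\d+|\d+$", "", password.lower())
    return core.translate(LEET)


def check_password(password, user_terms=()):
    """Return a list of policy problems; an empty list means acceptable.

    user_terms (hypothetical parameter) holds words tied to the user, such
    as their name or known interests, which the article notes make a
    password easy for a third party to discover.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"\d", password):
        problems.append("no numeral")

    # A password can satisfy every rule above and still be a dictionary
    # word with a digit appended, so compare its normalized form as well.
    norm = normalize(password)
    terms = COMMON_WORDS | {t.lower() for t in user_terms if len(t) >= 4}
    hits = sorted(t for t in terms if t in norm)
    if hits:
        problems.append("based on guessable word: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("Password1", "P@ssw0rd1", "Hockey2008", "Quiet7Harbor-Lamp"):
        print(pw, "->", check_password(pw, user_terms=["Jane", "Hockey"]) or "ok")
```

`Password1` and `Hockey2008` both satisfy the length, case and numeral rule, which is why the word-list comparison is needed in addition to it.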

In a business environment, no user should have the ability to change their own password for business critical functions. Assigning passwords to users means that access to business information is maintained even if the user is unavailable, and changing a password to control access if a user is terminated is easily done.

Passwords should be changed frequently if the information they protect is sensitive, and should be changed immediately if there is a chance that your systems have been compromised, either by an intruder or through the loss of a computer or a data storage device. Businesses today have a legal requirement to protect the personal information they maintain on their clients and employees, and failing to meet that obligation can have serious financial consequences.

We are also aware that many business owners have delegated critical operations to employees, who are using personal passwords with programs such as Simply Accounting. If the employee dies or quits, the owner does not have access to his own accounting information. What is normally a business difficulty can have disastrous consequences without proper control.

Password control is one of the Best Practices pivotal to maintaining proper information security. Contact Inc. for an assessment of your security requirements.

