Configuring password protection
In any system, the password plays a very important role in terms of security. A poor password may lead to an organization's resources being compromised. The password protection policy should be adhered to by everyone in the organization, from users to the administrator level.
How to do it…
Follow the given rules when selecting or securing your password.
For the creation policy, follow these rules:
- A user should not use the same password for all the accounts in an organization
- All access-related passwords should not be the same
- Any system-level account should have a password that's different from any other account held by the same user
For the protection policy, follow these rules:
- A password is something that needs to be treated as sensitive and confidential information. Hence, it should not be shared with anyone.
- Passwords should not be shared through any electronic communication, such as e-mails.
- Never reveal a password on your phone or questionnaire.
- Do not use password hints that could provide clues to an attacker.
- Never share company passwords with anyone, including administrative staff, managers, colleagues, and even family members.
- Don't store passwords in written form anywhere in your office. If you store passwords on a mobile device, always use encryption.
- Don't use the Remember Password feature of applications.
- In there's any doubt of a password being compromised, report the incident and change the password as soon as possible.
For the change policy, follow these rules:
- All users and administrators must change their password on a regular basis or at least on a quarterly basis
- The security audit team of an organization must conduct random checks to check whether the passwords of any user can be guessed or cracked
How it works…
With the help of the preceding points, ensure that a password, when created or changed, is not easy enough to be guessed or cracked.
