
Four Common Password Policy Problems






The security of your systems and business in general is likely something that you are concerned, if not worried, about. While it is true that many businesses have security systems in place, the weakest link is often the password. In an effort to ensure that passwords remain secure, many companies adopt password policies. But are these policies really effective?

If you are in the process of implementing a password policy, or are looking for a way to ensure that your business is as secure as possible, you need to be aware of at least four common password policy pitfalls.

Complex password requirements aren't complex at all.

One of the most common elements of a password policy is the requirement that passwords be complex. Many policies require that the password have at least one number or a special character like '!' or '&', and possibly even a capital letter. While this may seem to make passwords more complex, many users will simply take a simple password and replace part of a word with a character, or add one at the end. This doesn't really make the passwords complex; it just makes them more difficult to guess.

Because so many systems have these requirements in place, hackers have started to include these factors when they develop password crackers. This means that they are still able to guess many passwords relatively quickly.

Lack of a lock-out.

A common way hackers get into systems is through a method called brute force. This is essentially entering different passwords and variations until you come across the correct password. While this method can take a while, if your password system doesn't have a lock-out rule - whereby the account becomes locked after a set number of failed attempts - you will eventually see a security breach.

Password changes are forced too often.

In order to keep systems secure, many companies force their users to change their passwords on a regular basis - usually every 90 days. While this is a good idea, some take it a bit too far, for example forcing employees to change passwords every two weeks. This may seem like a good idea, but all it does is encourage users to pick easy to remember passwords. And, any password that is easy to remember is likely easy to guess too.

Only focusing on digital passwords

Because the number of password-protected systems we use is increasing, many business users are struggling to remember all of the passwords they use. When this happens, the easiest solution is to write them down. When making a note of passwords, most people don't take any steps to hide them, often leaving a sticky note attached to their monitor or written in a notebook casually left open on their desk. Needless to say, this is a real security issue.

How should I ensure a strong password policy?

Here are four actions you can take to ensure not only stronger passwords, but a policy that is effective.

1. Try using passwords that are sayings and have spaces. Believe it or not, a random saying like "rude horses get pizza" is actually way more secure than any one word password with characters. Take a look at this XKCD comic for an interesting graphic on passwords.

2. In order to minimize passwords and systems falling to brute force attacks, you should set a lock-out rule. It should be fair in that you shouldn't lock users out of their accounts if they fail one attempt. Most companies using this method set a limit of 3-5 attempts.

3. You should ensure that your passwords are changed on a regular basis - most companies set every 90 days, and this is fine. In order to maximize security, it is a good idea to set it so that the same password and numbers can't be used, because most employees will just enter another number or character at the end or beginning. In other words, ensure the password is as different as possible.

4. The most obvious point is to remind your employees not to write their passwords down and leave them in an easy to find area. If they have to write passwords down, tell them to use a code or even hide the piece of paper/lock it away in a secure safe. The other step you could implement is two-factor authentication, such as a user needing to enter a numerical code or piece of information when trying to access a system.
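The lock-out rule from point 2, sketched as an added example (not code from the author): a tracker that locks an account after five consecutive failures, so that even a correct guess arriving later is refused. The class name, the 15-minute automatic unlock and the sample guess list are assumptions made for this illustration.

```python
import time


class LockoutTracker:
    """Locks an account after a set number of consecutive failed logins."""

    def __init__(self, max_failures=5, lock_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures  # the article suggests 3-5
        self.lock_seconds = lock_seconds  # assumption: lock expires on its own
        self.clock = clock
        self._failures = {}      # account -> consecutive failures
        self._locked_until = {}  # account -> time the lock ends

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:  # lock has expired: start counting afresh
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def attempt(self, account, password_ok):
        """Record one login attempt; returns 'locked', 'ok' or 'failed'."""
        if self.is_locked(account):
            return "locked"  # a correct guess is refused too
        if password_ok:
            self._failures.pop(account, None)  # success resets the count
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.max_failures:
            self._locked_until[account] = self.clock() + self.lock_seconds
        return "failed"


def replay(tracker, account, real_password, guesses):
    """Feed a list of guesses through the tracker and collect the outcomes."""
    return [tracker.attempt(account, g == real_password) for g in guesses]


if __name__ == "__main__":
    # Constructed guess list: the right password is the 7th guess.
    guesses = ["123456", "password", "qwerty", "letmein", "welcome",
               "dragon", "rude horses get pizza"]
    print(replay(LockoutTracker(), "alice", "rude horses get pizza", guesses))
```

In a real system `password_ok` is the result of the normal password verification; the plain comparison in `replay` only stands in for it.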

Implementing a system like this and recording it in the policy will greatly reduce the chances of your passwords being stolen.
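The complexity problem and the "as different as possible" rule from point 3 can both be checked with the same step, shown here as an added example (not code from the author): reduce each password to the word it is built on, then compare. The function names, the swap table, the tiny word list and the 0.6 similarity limit are assumptions chosen for the illustration.

```python
import difflib
import string

# Constructed sample data: a tiny stand-in for a real common-password list.
COMMON_WORDS = {"password", "welcome", "letmein"}
# Character-for-letter swaps users commonly make, mapped back to the letter.
_UNSWAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                         "7": "t", "@": "a", "$": "s", "!": "i"})
_AFFIX = string.digits + string.punctuation


def meets_complexity(password):
    """Typical rule: 8+ characters with a capital, a number and a symbol."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


def core(password):
    """Reduce a password to the word it is built on."""
    stripped = password.strip(_AFFIX)  # drop digits/symbols added at either end
    return stripped.lower().translate(_UNSWAP)  # undo swaps inside the word


def change_allowed(old, new, max_similarity=0.6):
    """Return (allowed, reason) for replacing `old` with `new`."""
    old_core, new_core = core(old), core(new)
    if not new_core:
        return False, "only digits and symbols"
    if new_core in COMMON_WORDS:
        return False, "built on a common word"
    if new_core == old_core:
        return False, "same base as old password"
    ratio = difflib.SequenceMatcher(None, old_core, new_core).ratio()
    if ratio > max_similarity:
        return False, "too similar to old password"
    return True, "ok"


if __name__ == "__main__":
    old = "Summer2024!"
    for new in ("Summer2025!", "1Summers!", "P@ssw0rd1!", "rude horses get pizza"):
        print(new, meets_complexity(new), change_allowed(old, new))
```

The comparison needs the old password in clear text, so it belongs in the change form where the user types the current password; stored password hashes cannot be compared for similarity.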




About the Author

Martinho Galante, NJ Computer Group
2204 Morris Ave, Suite 201
Union, NJ 07083
9083783046


©2003-2024 - VentureStreet, LLC
