Password Security An overview
We need your help
The IT department uses the latest technology and techniques to maintain the highest level of security possible, but we can’t do the job without your help. Every employee plays a critical role in keeping our computer network secure. One of the greatest security vulnerabilities lies in the improper or ineffective use of passwords. Here are some important guidelines to keep in mind.
What is a weak password?
A weak password:
- Contains fewer than six characters
- Is a word found in a dictionary (English or foreign)
- Is a common usage word such as:
  - Passwords containing the user ID in any form
  - Names of family, pets, friends, or co-workers
  - Birthdays and personal information, such as addresses and phone numbers
  - Any of the above spelled backward
  - Any of the above preceded or followed by a digit (secret1, 1secret) or the same letter (ssecret, secrett)
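The weak-password rules from this slide expressed as a check, as an added example that is not part of the original presentation. The word list, user ID and personal terms are constructed sample values, and stripping whole runs of digits goes slightly beyond the single digit the slide mentions.

```python
import string

# Constructed stand-in for a real dictionary file (assumption, not from the slides).
SAMPLE_WORDS = {"secret", "password", "dragon", "welcome"}


def candidate_forms(password):
    """Return the password plus the forms left after undoing the slide's tricks."""
    p = password.lower()
    forms = {p}
    # Leading/trailing digits: 1secret, secret1 (also longer runs such as secret99).
    forms.add(p.strip(string.digits))
    if len(p) > 2:
        if p[0] == p[1]:
            forms.add(p[1:])   # same letter in front: ssecret
        if p[-1] == p[-2]:
            forms.add(p[:-1])  # same letter at the end: secrett
    # "Any of the above spelled backward".
    forms |= {f[::-1] for f in forms}
    forms.discard("")
    return forms


def weak_reasons(password, user_id, personal_terms=(), dictionary=SAMPLE_WORDS):
    """List which of the slide's weak-password rules the candidate violates."""
    reasons = []
    if len(password) < 6:
        reasons.append("fewer than six characters")
    forms = candidate_forms(password)
    if forms & {w.lower() for w in dictionary}:
        reasons.append("dictionary word")
    uid = user_id.lower()
    if uid and any(uid in f for f in forms):
        reasons.append("contains the user ID")
    if forms & {t.lower() for t in personal_terms}:
        reasons.append("name or personal information")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs: user "jdoe" with a pet called "Rex".
    for pw in ["secret1", "ssecret", "terces", "xJDOE2024!", "Rex7", "q7#Lw!2vTz"]:
        print(pw, "->", weak_reasons(pw, "jdoe", personal_terms={"rex"}) or "no rule matched")
```

An empty result only means none of these rules matched; the length and character-class requirements for a strong password are separate checks.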
What is a strong password?
A strong password:
- Contains digits, symbols, and uppercase and lowercase characters. For example: a-z, A-Z, 0-9,
- Is at least eight characters long
- Isn’t a word in any language, slang, or dialect
- Isn’t based on personal information, names of family, etc.
Password do’s and don’ts
DO:
- Keep your user ID and password to yourself
- Use antivirus software (both at home and at work)
- Screen-lock or log off your computer desktop when you are away from the computer
- Report security incidents immediately
DON’T:
- Reveal your password to anyone over the phone, , or IM
- Share your password with your boss, family members, or a co-worker while you’re on vacation
- Reveal a password on questionnaires or security forms
- Use the “Remember Password” feature of applications in any public computer (conference room, airport, Internet café, etc.)
The password policy
Highlights:
- Minimum password length is 8 characters
- Complexity is strongly recommended
- All user passwords ( , login, etc.) must be changed at least every 90 days – no exceptions!
- A password can’t be reused for at least two years
- Preferably, a policy should be set such that after 5 consecutive login failures, the account must be locked for a minimum of 30 minutes and the Account Administrator for the system must be notified
- Administrators must be able to verify the identity of the requestor before resetting the password
- Temporary passwords must be changed at the next login when a new user is created