Waiting to Notify Customers of Breach Is to the Company's Advantage

Paul Mah

At IT Business Edge, we are always cognizant of how important proper training is for small and medium-sized businesses. This is especially true when it comes to inculcating proper security practices in staffers.


Passwords are typically the first line of defense against unauthorized access, and I want to highlight some pointers about password management that all employees should know. Knowing the reason why certain policies are enacted will help ensure that they are adhered to.


Here are five aspects of good password management that employees need to know.


The Password Should Not Be Too Short


Employees need to know why short passwords can be compromised very quickly. This can be shown by calculating the number of possible permutations from the length of the password and from whether numerals and symbols are used.


As a rough guide, it will take only slightly more than half an hour for a modern desktop to brute-force a password that is seven characters long and consists only of alphabetic characters. A password of eight characters, though, will take 15 hours; one of 12 characters, some 30 years.
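
The calculation described above can be shown to staff with a short script. This is an added example, not part of the original post; the guess rate and the sample passwords are assumptions made for illustration.

```python
import string

# Assumption (not from the article): an attacker testing 4 million guesses per
# second, picked so a 7-letter lowercase password lasts about half an hour.
GUESSES_PER_SECOND = 4_000_000

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Pool size an attacker must cover, given the character classes in use."""
    size = sum(len(chars) for chars in CLASSES
               if any(c in chars for c in password))
    # Anything outside the four ASCII classes counts once per distinct character.
    extras = {c for c in password if not any(c in chars for chars in CLASSES)}
    return size + len(extras)

def search_space(password):
    """Candidates of every length up to and including this password's length."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to try the whole space; says nothing about dictionary guessing."""
    return search_space(password) / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("abcdefg", "abcdefgh", "abcdef1!", "Abcdef1!"):
        print(f"{pw!r:12} pool={alphabet_size(pw):3} "
              f"worst case={humanize(worst_case_seconds(pw))}")
```

Each extra lowercase letter multiplies the worst case by about 26, while swapping two letters for a digit and a symbol at the same length enlarges the pool itself.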


Avoid Reusing Passwords Between Personal and Work Accounts


It is generally a very bad idea to use the same password for different accounts. However, it would be foolish, too, for an administrator to imagine that the typical employee would make use of a different password for every system that requires one.


A more moderate stance would be to have different sets of passwords for personal and work accounts. While it might seem obvious in hindsight, employees should be shown that using the same password for work accounts, as well as for every free social media service, IM service and online gaming account out there, is a very bad idea.


The IT Help Desk Will NEVER Ask for Your Password


This sounds almost cliche now, but the IT department should periodically remind employees that their passwords will never be requested.


You Are Welcome to Change Your Password Anytime


In the recent movie remake of Alice in Wonderland, the Red Queen concluded that it is far better to be feared than loved. When it comes to pre-empting possible breaches in security, though, I would rather that employees come forward if they suspect their accounts are compromised or confidential data illegally accessed than to find out on the front page of the newspaper or Google News.


So tell your employees this: You are welcome to change your password anytime.


Regular Password Changes Are Necessary


Detractors will be quick to point out that mandatory regular password changes are the primary cause of employees writing down their passwords. However, the security reality of keyloggers and the pervasiveness of other invasive malware mean that it remains an important practice to enforce regular password changes.


Employees are also increasingly accessing their work accounts from remote locations, so users need to be educated on the necessity of changing their passwords regularly. Note, however, that there is a difference between regular and frequent, and it is important not to overdo the frequency of changes.
