Bucaro TecHelp

Implementing a Secure Password Policy

I don't need to tell you the importance of good network security - but I will. If your network is compromised, competitors could learn where your company gets its resources, steal its research, learn its marketing plans, and obtain other sensitive information that could destroy your company's competitive advantage. The loss of competitive advantage could require your company to reduce its labor force - in other words, you could lose your job.

If your company's network is compromised, identity thieves could use your company's customers' credit card numbers and social security numbers to steal their identities and destroy their lives. And it's not only your company's customers who are going to suffer. When the source of the security breach is traced to your company, the result will be a negligence lawsuit. And after you get a reputation for being incompetent in the area of network security, try to get a network administrator job at another company.

Having a secure password policy is the front line of network security. What good are a firewall and anti-virus protection if hackers can easily log on and have their way with your network? A secure password policy requires the following steps:

Require users to create secure passwords
Configure your system for password security
Disable default administrator accounts
Create a written password security policy
Continuously communicate the password policy

How a Password Cracking Program Works

Hackers trying to break into your company's network will use a password cracking program. The program runs continuously on one or more computers. At predefined intervals it attempts to log on to your company's network using the next username and password in sequence in its dictionary. After a predefined number of failed attempts, it will wait for a predefined interval before making another attempt.

A password cracking program is not so aggressive that its activities are easily detectable. You'll never know about the hacker's activities unless you carefully analyze your server logs. A hacker will continue to run the password cracking program for years. They have lots of patience because, after all, they are just sitting watching TV while the password cracking program tries to break into your company's network. And when it finally breaks into your system, the hacker can sell your company's customers' personal information for hundreds of thousands of dollars.
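The kind of log analysis mentioned above can be automated. The following Python script is an added example, not part of the original article: it flags sources that never fail fast enough to trip an account lockout yet keep failing for days. The log format, the addresses, the sample data and all thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Assumed log format (constructed): "<ISO time> <OK|FAIL> user=<name> src=<ip>"
LINE = re.compile(r"(\S+) (OK|FAIL) user=(\S+) src=(\S+)")

def slow_guessers(lines, lockout=5, lockout_window=timedelta(minutes=30),
                  min_total=20, min_span=timedelta(days=2)):
    """Sources that stay under the lockout rate yet keep failing for days."""
    fails = defaultdict(list)
    for line in lines:
        m = LINE.fullmatch(line.strip())
        if m and m[2] == "FAIL":          # malformed lines are skipped
            fails[m[4]].append((datetime.fromisoformat(m[1]), m[3]))
    flagged = {}
    for src, events in fails.items():
        events.sort()
        times = [t for t, _ in events]
        span = times[-1] - times[0]
        if len(times) < min_total or span < min_span:
            continue                      # too few failures or too short-lived
        peak = lo = 0                     # busiest sliding lockout window
        for hi, t in enumerate(times):
            while t - times[lo] > lockout_window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= lockout:
            continue                      # loud enough for account lockout to catch
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        flagged[src] = {"failures": len(times), "days": span.days, "peak": peak,
                        "users": len({u for _, u in events}),
                        "median_gap_s": median(gaps)}
    return flagged

def sample_log():
    """Constructed data: one paced source, one user who mistypes twice."""
    start, out = datetime(2024, 3, 1), []
    for burst in range(16):               # 3 tries 10 min apart, then a 6 h pause
        for i in range(3):
            ts = start + timedelta(hours=6 * burst, minutes=10 * i)
            out.append(f"{ts.isoformat()} FAIL user=user{burst % 4} src=203.0.113.7")
    out += ["2024-03-02T09:00:00 FAIL user=alice src=198.51.100.4",
            "2024-03-02T09:00:20 FAIL user=alice src=198.51.100.4",
            "2024-03-02T09:00:45 OK user=alice src=198.51.100.4", "garbage line"]
    return out

if __name__ == "__main__":
    print(slow_guessers(sample_log()))
```

A steady median gap and several usernames from one source over many days is the pattern to review. The thresholds should be set just below whatever lockout settings your own system enforces.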

Require Users to Create Secure Passwords

Your job, as network administrator, is to force your users to create passwords that are very time consuming for the password cracking program to discover. In order to do this, users must create passwords that are not at the beginning of the password cracking program's dictionary. If one of your users thinks it's cute to use the name of their pet as a password, I can assure you that the word "scooter" is very close to the beginning of the cracker's dictionary. Your network's security might not last the week.

Require users to create passwords that comply with the following rules:

Don't use a person's name, pet's name, street name, or the name of an activity, event, place or thing
Don't use any word that would be in the dictionary
Make the password long, the longer the better (some systems have a maximum password length)
Use a combination of letters and numbers
Use special characters, like underscore or exclamation mark (if your system allows special characters)
Use a combination of uppercase and lowercase letters (if your system's passwords are case sensitive)

Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268