Our “White Paper” series is all about the business of IT. Topics like password security, IT management, and technology purchases are all covered in our informative series aimed to help small businesses achieve their technology goals.
People forget passwords. It’s just one of those things that computer support personnel deal with on a daily basis. To help them remember, users often use simple things like their child’s first name and birth date, their dog’s name, or their street address. They use just about anything that reminds them of their password.
Using such simple passwords is just like locking your front door and leaving the key under the mat. A hacker doesn’t even have to use specialized tools to obtain basic information about you. He can gather your personal information and try different combinations as potential passwords.
What can you do to help ensure your systems are secure?
A) Create password policies that enforce:
- Password History – Ensures that a user cannot re-use a password within the specified number of passwords stored in the history. For example, if set to five, the user would have to reset the password five times before the system would allow the reuse of the first password.
- Minimum Password Age – Establishes a minimum number of days that must pass before the password the user can change the password again; generally a minimum of three days.
- Maximum Password Age – Used to force users to change their passwords on a regular basis.
- Password Complexity Requirements – Forces users to incorporate different elements into their passwords, making them harder to crack. For example:
- Do not allow passwords that contain significant portions of a user’s name or user ID.
- Enforce a minimum password length, usually at least seven or eight characters.
- Require passwords to contain characters from at least three of the following character sets:
- Uppercase characters (A through Z)
- Lowercase characters (a through z)
- Numbers (0 through 9)
- Special characters (&, $, #, or %, etc.)
B) Teach your employees how to create easy to remember secure passwords that comply with the password complexity requirements you define.
C) Require the use of a different password for each major system you need to secure.
For more information on how to protect your business from other external threats visit