How many websites you visit that require you to have a username and password, probably hundreds and many will need you to provide a password. This proliferation of password use, and increasingly complex password requirements places an unrealistic demand on most users. Inevitably, users will devise their own coping mechanisms to cope with ‘password overload’. This includes writing down passwords, re-using the same password across different systems, or using simple and predictable password creation strategies.
How many passwords do you have? The average number is 22 which may seem like a lot and nothing to worry about but in most cases they’ll be similar or contain words that have some link to your family, notable dates, where you live or your favourite sports or pets.
Passwords are the most common way for your organisation and the people in it to prove identity when banking, making purchases, accessing computers themselves (via User Accounts) etc. The use of strong passwords and their secrecy is therefore vital in order to protect the organisation’s and individuals’ security and identity. How can passwords be discovered and how do you improve your system security? The following infographic from CESG provides sensible guidance.
The following tips are all worth considering.
- Change default passwords
- Help users cope with password overload
- Understand the limitations of user-generated passwords
- Understand the limitations of machine-generated passwords
- Prioritise administrator and remote user accounts
- Use account lockout and protective monitoring
- Don’t store passwords as plain text
Over the coming weeks, we’ll be blogging on each of the 7 points above.
If you require any advice on password solutions please get in touch.
Contains public sector information obtained from the Department of Business Innovation Skills licensed under the Open Government Licence v3.0.