How much attention do you pay to the passwords used by your company's employees?

RomanZ

Do you guide employees at your company on the creation of passwords? There is a fair amount of mixed use of laptops at my office, since people are allowed to take them home and we don't have any strict policy about personal/business use beyond restricting downloads of applications. Songs, video, email are all fine for people to use on their work laptops. Most of the data on those laptops that is of the sort that we would not wish compromised is either in spreadsheets or email conversations. After reading about how weak common passwords are, I'm not so sure that I want to continue to leave it up to the individual. Do you have a hand in creation of passwords at your office, and if so do you just offer guidance or mandate use of a password manager?

Topic: Security

Answers

2 total
jimlynch
Vote Up (23)

Hi RomanZ,

Here's a helpful guide on passwords. You might find this helpful. I think some sort of guidelines are very important since most employees will be clueless about the necessity of password security.

Information Technology Security Password Guidelines
http://www.tcnj.edu/~it/security/passwords.html

"Purpose
Passwords are a critical part of information and network security. Passwords serve to protect user accounts but a poorly chosen password, if compromised, could put the entire network at risk. As a result, all employees of The College of New Jersey should take appropriate steps to ensure that they create strong, secure passwords and safeguard them at all times. The purpose of these guidelines is to set a standard for creating, protecting, and changing passwords such that they are strong, secure, and protected.

Scope
These guidelines apply to all employees of the College who have or are responsible for a computer account, or any form of access that supports or requires a password, on any system that resides at any College facility, or has access to The College of New Jersey's network.

General
What is a password? Your computer password is your personal key to a computer system. Passwords help to ensure that only authorized individuals access computer systems. Passwords also help to determine accountability for all transactions and other changes made to system resources, including data. If you share your password with a colleague or friend, you may be giving an unauthorized individual access to the system and may be held responsible for their actions. What if the individual gives your password to someone else? What if some of your files are deleted or otherwise rendered unusable? Are you willing to take the blame if an unauthorized individual uses your access privileges to damage the information on the system or to make unauthorized changes to data?

Authentication of individuals as valid users, via the input of a valid password, is required to access any shared computer information system. Each user is accountable for the selection, confidentiality and changing of passwords required for authentication purposes. Since you are responsible for picking your own password, it is important to be able to tell the difference between a good password and a bad one. Bad passwords jeopardize information that they are supposed to protect. Good ones do not."

hughye
Vote Up (12)

Not enough, judging from this year's SplashData ranking of top stolen passwords posted by hackers:

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123

Hard to believe people actually rely on such weak passwords, but there you go.

I would suggest that you encourage your employees who use personal passwords to try out a password generator. There are a lot of choices, but here is an easy one: http://www.pctools.com/guides/password/
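The two ideas in the answer above (screening out the most common passwords and generating random ones) can be combined in a check run when a password is set. This is an added example, not part of the original post or of any tool it links to; the denylist holds only the five passwords listed above, and the function names, symbol set and 12-character minimum are assumptions made for the example.

```python
import math
import secrets
import string

# The five entries quoted in the answer above. A production denylist would be
# far longer and loaded from a file (assumption for this example).
COMMON = {"password", "123456", "12345678", "qwerty", "abc123"}

# Character swaps people commonly apply to a dictionary word.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "i", "!": "i", "$": "s", "5": "s"})

# Symbol set chosen for this example; adjust to what the target system accepts.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def is_denylisted(candidate: str) -> bool:
    """True if candidate is a listed password or a trivial variant of one."""
    lowered = candidate.strip().lower()
    forms = {lowered, lowered.translate(LEET)}
    # Also test each form with trailing punctuation, or trailing digits and
    # punctuation, removed ("12345678!", "Password1!").
    suffix = string.digits + string.punctuation
    for form in list(forms):
        forms.add(form.rstrip(string.punctuation))
        forms.add(form.rstrip(suffix))
    return any(form in COMMON for form in forms if form)


def generate_password(length: int = 16) -> str:
    """Draw every character from the OS CSPRNG via the secrets module."""
    if length < 12:  # assumed minimum for this example
        raise ValueError("length below 12 is too short for a random password")
    while True:
        password = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not is_denylisted(password):
            return password


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for sample in ("P@ssw0rd", "Qwerty2014", "correct horse battery staple"):
        print(f"{sample!r}: denylisted={is_denylisted(sample)}")
    print(generate_password(), f"(~{entropy_bits(16):.0f} bits)")
```
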

 
