In both share-level and user-level
security models, passwords are given to the user for access to the
network or specific data.
Passwords should always be kept secure and never written down where unauthorized
users may be able to stumble upon them.
Passwords should not be:
- The logon, first, or last name of
the user, or any of those names reversed.
- A familiar name, such as that of a spouse, child,
pet, or relative.
- Easily attainable information, such
as personal information.
- A word found in any language
dictionary.
- A combination of letters and
numbers.
- A group of single digits or letters.
For instance: AAAAA or 11111.
Passwords should:
- Be between six and eight characters in
length.
- Include non-alphanumeric characters.
- Be set to expire periodically,
ideally once every 30 days.
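
The checklist above can be enforced when a password is set. The following is an added example, not part of the original page: the function names, the sample word set, and reading "a combination of letters and numbers" as "letters and numbers only" are assumptions.

```python
from datetime import date, timedelta

MAX_AGE = timedelta(days=30)  # page: expire ideally once every 30 days
# Constructed stand-in for a real dictionary file (assumption).
SAMPLE_WORDS = {"dragon", "monkey", "sunshine"}


def password_violations(password, logon, first, last, personal=(), words=SAMPLE_WORDS):
    """Return the rules from the list above that the candidate breaks (empty = acceptable)."""
    problems = []
    lowered = password.lower()

    # Logon, first, or last name of the user, forwards or reversed.
    names = [n.lower() for n in (logon, first, last) if n]
    if lowered in names or lowered in [n[::-1] for n in names]:
        problems.append("user name or reversed name")
    # Familiar names and other easily attainable personal details.
    if lowered in {p.lower() for p in personal}:
        problems.append("familiar name or personal information")

    if lowered in words:
        problems.append("dictionary word")
    # A group of single digits or letters, such as AAAAA or 11111.
    if len(set(lowered)) == 1:
        problems.append("single repeated character")
    if not 6 <= len(password) <= 8:
        problems.append("length not between six and eight")
    # Letters and digits only means no non-alphanumeric character is present.
    if password.isalnum():
        problems.append("no non-alphanumeric character")
    return problems


def is_expired(last_changed, today):
    """True when the password is older than the 30-day expiry period."""
    return today - last_changed > MAX_AGE
```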