Makerere University


Follow adequate procedures for user passwords


Inadequate password procedures are a common source of system and account intrusions.

Technicians should:

  1. Ensure that all accounts require a password and that, if technically possible, there are automatic routines (dictionaries, pattern enforcers, etc.) that force the user to choose a good password initially and each time the password expires.
  2. Implement a system such that no re-usable password is sent over the network in clear text.
  3. Eliminate the storage of passwords on systems where feasible. Alternatives include Kerberized services or SSH with PAM support. Both can be configured to use the UISO's Kerberos KDCs to validate authentication data.
  4. Remind users that passwords should not be shared with anyone, including friends, roommates, co-workers, supervisors, technicians, etc.
  5. Prevent web browsers and other applications from "remembering" user passwords.
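
One way to build the "dictionaries, pattern enforcers" routine from item 1, shown as an added example that is not part of the original page or of any university tooling. The wordlist, the 12-character minimum and the function names are assumptions for illustration.

```python
import re

# Constructed sample wordlist; a real deployment would load a large dictionary file.
DICTIONARY = {"password", "makerere", "welcome", "letmein", "dragon", "football"}
# Common character substitutions undone before the dictionary lookup.
LEET = str.maketrans("0134578@$!", "oleastbasi")
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
MIN_LENGTH = 12  # assumed site policy, not a value from the page


def _has_run(text, length=4):
    """True if text holds `length` consecutive characters taken from the
    alphabet or a keyboard row, in either direction."""
    sequences = list(KEYBOARD_ROWS) + ["abcdefghijklmnopqrstuvwxyz"]
    sequences += [s[::-1] for s in sequences]
    for i in range(len(text) - length + 1):
        chunk = text[i:i + length]
        if any(chunk in s for s in sequences):
            return True
    return False


def check_password(password, username=""):
    """Return the reasons a candidate is rejected (empty list = accepted)."""
    problems = []
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    # Strip leading/trailing digits and symbols so "123dragon!!" maps to "dragon".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", normalized)

    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if core in DICTIONARY or any(len(w) >= 5 and w in normalized for w in DICTIONARY):
        problems.append("based on a dictionary word")
    if username and username.lower() in lowered:
        problems.append("contains the username")
    if re.search(r"(.)\1{2,}", lowered):
        problems.append("repeated characters")
    if _has_run(lowered):
        problems.append("keyboard or alphabetic sequence")
    return problems
```

Call `check_password` both at initial password selection and at every expiry-driven change, and reject the candidate whenever the returned list is non-empty.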