ICT Best Practices - Follow adequate procedures for user passwords
Inadequate password procedures are a common source of system and account intrusions. Technicians should:
- Ensure that all accounts require a password and that, if technically possible, there are automatic routines (dictionaries, pattern enforcers, etc.) that force the user to choose a good password initially and each time the password expires.
- Implement a system that ensures no reusable password is sent over the network in cleartext.
- Eliminate the storage of passwords on systems where feasible. Alternatives include Kerberized services or SSH with PAM support.
- Remind users that passwords should not be shared with anyone, including friends, roommates, co-workers, supervisors, technicians, etc.
- Do not allow web browsers and other applications to "remember" user passwords.
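As an illustration of the automatic routines (dictionaries, pattern enforcers) mentioned in the first item, the following added example, which is not part of the original page, sketches a check that could run whenever a password is set or changed. The function names, the tiny sample dictionary, the 12-character minimum and the rejection rules are assumptions chosen for the example.

```python
import re

# Constructed sample wordlist (assumption); a real deployment loads a large dictionary.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "letmein", "summer"}
# Undo common character substitutions so "P@ssw0rd" is compared as "password".
LEET = str.maketrans("0134578@$!", "oleastbasi")
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_sequence(text, run=4):
    """True if text contains `run` consecutive characters of a known
    alphabet, digit or keyboard-row sequence, forwards or backwards."""
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in text for i in range(len(s) - run + 1)):
                return True
    return False


def check_password(password, username, dictionary=SAMPLE_DICTIONARY, min_length=12):
    """Return the list of reasons a candidate is rejected (empty = accepted)."""
    reasons = []
    lowered = password.lower()
    normalized = lowered.translate(LEET)

    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")

    # Dictionary enforcer: plain, de-substituted and reversed forms.
    forms = (lowered, normalized, lowered[::-1], normalized[::-1])
    if any(word in form for word in dictionary for form in forms):
        reasons.append("based on a dictionary word")

    # Pattern enforcers: account name, repeated characters, sequences.
    if len(username) >= 3 and username.lower() in lowered:
        reasons.append("contains the username")
    if re.search(r"(.)\1{2,}", password):
        reasons.append("repeats one character three or more times")
    if has_sequence(lowered):
        reasons.append("contains a keyboard or alphabet sequence")
    return reasons


if __name__ == "__main__":
    for candidate in ("P@ssw0rd2024!x", "alice-qwerty-7391x", "vexing-Marmot-glides-42"):
        print(candidate, "->", check_password(candidate, "alice") or "accepted")
```
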