Password Policies – what are the real issues?
Written by Simon Bisson
Love them or hate them, we're going to have to live with passwords for a long time. That means IT support teams will be left ensuring passwords can't be broken, and that they're easy to remember. After all, you don't want to keep resetting passwords or having to tell your boss that a user's weak password has meant that someone has been able to steal your data. There's a proliferation of passwords, for business and for personal use. And that is a problem.
Password insecurity
It's very easy to get a password from someone. It might be written down on a piece of paper stuck to a monitor, or swapped for a free pen or a coffee on the station platform. Users often don't realise just how important their passwords are, and how much of the business they can open up to third parties.
It's therefore important to educate users about your password policies. They're your first line of defence, and the sooner they understand why passwords are necessary, and the rules they need to follow, the better. Your first aim will be to stop users writing passwords down, and your second will be to encourage them to use strong passwords.
It might be necessary to regularly run common password cracking tools over your users' passwords to ensure that they aren't using common words or phrases that would be easy for a criminal to guess.