Do I Need a Password Policy?

In a previous Talon KnowHow article we wrote about the security risk of using weak passwords online. Expanding on this theme, we ask: 'Does your company need a password policy?'

So does my company need one? In a word, 'yes'.

No matter what the size of an organisation, a password policy that ensures strong passwords that are changed often is a must. Weak passwords are easily cracked, so your company is only as strong as its weakest password.

What is a Password Policy

First of all, let's define what a password policy is. From the all-knowing Wikipedia we get:

'A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly.'

Password policies usually outline a standard for the creation of strong passwords, how you should protect those passwords and the frequency of change. Usually there is also an enforcement aspect in which users who violate the policy are subject to the company's disciplinary procedure.

Why Do I Need a Policy?

An effective policy will stop passwords from being cracked or guessed. This will help prevent your network being compromised and the loss, exposure and/or corruption of your data.

Imagine a company which has no password policy: there are no restrictions on the passwords staff can choose and they never expire. You may think that as long as the administrator password is secure this doesn't matter.

But everyone who has a password has access to some part of your network. Even if a user only has minimal access to the accounts database, for instance, if their password is cracked the hacker now has access to your accounts database.

The hacker might even conclude that, as the password was easy to crack, others in the company are likely to be too, and so gain even more access to your network.

It's even more important if you have staff who access your network remotely from laptops. If there is minimal password security and a laptop is pinched, a hacker can gain access to the laptop and then very easily gain access to your network.

Setting a Policy

If you don't have a policy, then next month we'll look at guidelines for setting up a password policy that works. And if you have a Windows Server, you will already have the ability to apply the rules that you choose.