A Business Guide to: Passwords
A mandatory part of any organisation’s relationship with its employees is the requirement to set up a secure password, which allows access to the important documents needed to ensure the fluid day to day processes of the business.
Primarily, enterprises outline their password requirements to employees by creating certain boundaries to follow, with a view to protecting intellectual property – a valuable business asset.
These boundaries tend to follow similar patterns across all work environments. In creating a secure password, the initial construction needs to be a combination of alphabetical and numerical characters with upper and lower case lettering and limited repetition.
Password expiry
With this in mind, the parameters set by an IT department should include expiry dates on each password so they are renewed at least every 90 days. This ensures the new combination is completely different to the previous selection of characters.
In addition to the precautions taken around passwords, username construction should also be considered.
Organisations should address this in order to make login credentials more secure.
It is common for businesses to retain the same construction for all employees, allowing details to be easily predicted by intruders for any personnel on site. Therefore, if slight formatting differences were in place, login credentials become more secure.
Multi-factor security
It is important to also note that it can be difficult to create passwords that are as memorable as they are compliant with internal regulations. Personnel which commonly use memorable words, such as their mother’s maiden name, can be easily guessed by intruders.
Therefore to combat this, ADT would advise a multi-factor combination: coupling a password with smart-card authentication to create a successful password management strategy.
ADT recommends that organisations use a card-based access control solution alongside straightforward IT password management.
Enterprises already deploying a physical access system around a building are equally able to introduce ‘logical access’ to extend security to laptops or desktop machines.
Secure sign-on
The use of smartcard technology means that the same card used to gain access to the premises has its use extended to the IT infrastructure in order to allow secure PC sign-on.
It runs on the dual principle ‘something you know’ (the username/password – authentication factor) and ‘something you have’ (the smartcard – authentication factor) resulting in successful sign-in.
Logical access provides all establishments with various security options that can be tailored to the suitable security level for the organisation, with permissions set at a server/network administrator level rather than simply at a user level.
Furthermore, in the event a user has forgotten their card, there are also options to override the service using emergency access: knowledge based authentication, or KBA.
Knowledge based authentication
KBA works with a series of personal questions and responses customised to each user which continues to maintain the appropriate level of security.
‘Logical access’ provides an additional layer of security which takes the straightforward user/password sign-in one step further.
In large organisations, it can be difficult to control a username/password system thoroughly, as it is very user-dictated. Therefore this initiative regains control behind password-based access through smart card technology and combinations of authentication.
These systems reduce the dependency on IT support workers for remote password reset or other access queries.
With advancing technologies in play, it is now more important than ever that organisations introduce an additional security layer to employees’ access codes in order to protect critical documents integral to daily business flow.
Dual functioning systems allow end-users to customise procedures on-site and prevent fraudulent access to the network.
A Business Guide to: Passwords
A mandatory part of any organisation’s relationship with its employees is the requirement to set up a secure password, which […]
IFSEC Insider
IFSEC Insider | Security and Fire News and Resources