Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password Management

From: nightwatchman () comcast net
Date: 21 Apr 2006 18:13:45 -0000
Passwords should:

1.)  change every 90 days

2.)  contain atleast a combination of 3 classes of characters i.e. one or more uppercase, lowercase, non alpha numeric, 
and numeric.

3.) not be the same as the person's name, address or birthday or easily guessed from a person's personal information.  

4.) not be written down.

5.) difficult to guess but easy to remember - phrases with substituted character classes seem to be easy to remember 
and work best for this.  

6.) should not be stored unencrypted

7.) centrally managed in an authentication system.

8.) they shouldnt be shared with other users. 

Service accounts ofcourse aren't subject to the 90 day limit.



-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: