
Password Management

Password management is as old as the password itself. The password is the oldest, simplest and most common way to ensure that only those who have permission can enter (access) your computer or computer network. It is described as a shared secret which is known to you alone.

In view of the above, a password is virtually ineffective if people do not protect what should ordinarily be known to them alone.

Some basic policies on password management are as follows:

a) Make it as meaningless and as memorable as possible.

b) Use lower and upper cases plus special characters.

c) Make it a minimum of six characters and a maximum of eight.

d) Change it regularly.

e) Never divulge it to anyone, not even your wife.

f) Do not write it down (e.g. on sticky notes on the monitor, under the keyboard or around your desk), which is why it must be memorable. There is a program which allows an end user of a system to be authenticated once, at the time he accesses the system; thereafter he need not provide any ID and password to access other network resources. This is referred to as a "Single Sign-On" password management program.

For more on this, go to A Single Sign-On Password

g) Do not use nicknames or birthdays; the same goes for your children’s information.

h) When it is to be distributed, where necessary, it should be handled with strictest confidentiality.

i) When stored on a computer (e.g. for an organisation), it should be encrypted with a bit number that is not easily cracked (128 digit).

j) The non-printing, password suppression feature should be used on all terminals to prevent the display of a User-ID and/or password at logon.

k) Adequate training on the need for proper keeping of passwords should be given to employees.

l) System software should disable the user identification after three consecutive attempts.

m) System software should maintain a history of at least two previous passwords and prevent their use.

n) System software should be able to compare and recognise a password that has up to 75% of the content of any two previous passwords and reject it.

o) There should be a policy for reissuing forgotten passwords and it must be captured as part of the reports of the Helpdesks.
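
Rules l), m) and n) describe behaviour that system software has to enforce. The sketch below is an added example, not code from this page: the `Account` class, the `overlap` function and the sample passwords are constructed for illustration, and the way the 75% is measured (ordered character overlap, ignoring case) is an assumption, since the rule does not define it.

```python
import hmac
from difflib import SequenceMatcher

MAX_ATTEMPTS = 3         # rule l: consecutive failed attempts before disabling
HISTORY_DEPTH = 2        # rule m: previous passwords remembered
SIMILARITY_LIMIT = 0.75  # rule n: share of an old password a new one may not reach


def overlap(candidate, previous):
    """Fraction of `previous` that reappears, in order, in `candidate`.

    Assumed metric: the page does not define how the 75% is measured.
    """
    if not previous:
        return 0.0
    matcher = SequenceMatcher(None, previous.lower(), candidate.lower(), autojunk=False)
    matched = sum(block.size for block in matcher.get_matching_blocks())
    return matched / len(previous)


class Account:
    """Hypothetical account record; passwords are held in memory in the clear
    only to keep the example short (rule i calls for encryption when stored)."""

    def __init__(self, password):
        self.current = password
        self.history = []      # previous passwords, newest first
        self.failed = 0
        self.disabled = False

    def login(self, attempt):
        if self.disabled:
            return False
        if hmac.compare_digest(attempt.encode(), self.current.encode()):
            self.failed = 0    # only *consecutive* failures count
            return True
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self.disabled = True
        return False

    def change_password(self, new):
        # Exact reuse scores 1.0, so rule m falls out of the rule n check.
        for old in [self.current] + self.history:
            if overlap(new, old) >= SIMILARITY_LIMIT:
                return False
        self.history = ([self.current] + self.history)[:HISTORY_DEPTH]
        self.current = new
        return True
```

Because the similarity check needs the text of the earlier passwords, the history has to be kept in a form the software can read back, which is why rule i) matters for it.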
