Posted by: Ken Harthun
Password best practice, Password Management, Threat mitigation
After a bit of a hiatus on my studies for various certifications, I have gotten back into the swing of things and found a bit of wisdom that I wanted to share. From a Network Admin perspective, here are five essential password policies that will help you mitigate the threat of password attacks on your network:
- Do not allow the same password to be used on multiple resources. If an attacker manages to get one password, he will then have them all if the same password is used on more than one resource.
- Lock out a user account after a set number of failed login attempts. This defeats online brute-force password-guessing attempts.
- Do not allow cleartext storage of passwords. Self-explanatory.
- Use strong passwords. Repeat: use strong passwords. Alternative: encourage passphrases. “mykittenpreferswhiskas” is very hard to guess, but easily remembered.
- NEVER, NEVER, NEVER allow default passwords to remain on devices on your network. “Admin/admin” is too easy and is one of the first things a cracker will try. On any new device, immediately change the default username and password.
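As an added example (not code from the original post), here is a small Python credential store that enforces three of the policies above: passwords are never stored in cleartext (only a random salt and a PBKDF2-HMAC-SHA256 hash are kept), the account locks after a set number of failed attempts, and a minimum passphrase length is required. It also refuses the admin/admin default credential. The lockout threshold, lockout duration, minimum length and the default-credential list are assumed values; the 600,000 iteration count follows the OWASP Password Storage Cheat Sheet guidance for PBKDF2-SHA256 and should be tuned for your hardware.

```python
import hashlib
import hmac
import os
import time

# Assumed policy parameters for this example; adjust to your environment.
PBKDF2_ITERATIONS = 600_000        # OWASP guidance for PBKDF2-HMAC-SHA256
MAX_FAILED_ATTEMPTS = 5            # lock the account after this many failures
LOCKOUT_SECONDS = 15 * 60          # how long the account stays locked
MIN_PASSPHRASE_LENGTH = 16         # a passphrase rather than a short password
# Placeholder list of vendor defaults that must never be accepted.
DEFAULT_CREDENTIALS = {("admin", "admin")}


def hash_password(password, salt=None):
    """Return (salt, derived_key). Only these two values are ever stored."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, key


class CredentialStore:
    """In-memory user store; `now` is injectable so lockout expiry can be tested."""

    def __init__(self, now=time.time):
        self._now = now
        self._users = {}   # username -> {"salt", "key", "failures", "locked_until"}

    def add_user(self, username, password):
        if (username.lower(), password.lower()) in DEFAULT_CREDENTIALS:
            raise ValueError("default vendor credentials are not allowed")
        if len(password) < MIN_PASSPHRASE_LENGTH:
            raise ValueError("passphrase must be at least %d characters" % MIN_PASSPHRASE_LENGTH)
        salt, key = hash_password(password)
        self._users[username] = {"salt": salt, "key": key, "failures": 0, "locked_until": 0.0}

    def is_locked(self, username):
        rec = self._users.get(username)
        return rec is not None and self._now() < rec["locked_until"]

    def authenticate(self, username, password):
        rec = self._users.get(username)
        if rec is None:
            # Burn a hash anyway so an unknown username is not cheaper to probe.
            hash_password(password, b"\x00" * 16)
            return False
        now = self._now()
        if now < rec["locked_until"]:
            return False               # locked: reject even a correct password
        if rec["locked_until"]:
            # Lockout has expired; start the failure count over.
            rec["failures"] = 0
            rec["locked_until"] = 0.0
        _, candidate = hash_password(password, rec["salt"])
        if hmac.compare_digest(candidate, rec["key"]):
            rec["failures"] = 0
            return True
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILED_ATTEMPTS:
            rec["locked_until"] = now + LOCKOUT_SECONDS
        return False


if __name__ == "__main__":
    store = CredentialStore()
    store.add_user("ken", "mykittenpreferswhiskas")
    print("correct passphrase:", store.authenticate("ken", "mykittenpreferswhiskas"))
    for _ in range(MAX_FAILED_ATTEMPTS):
        store.authenticate("ken", "not-the-right-passphrase")
    print("locked after repeated failures:", store.is_locked("ken"))
```

The `hmac.compare_digest` call keeps the hash comparison constant-time, and the dummy hash for unknown usernames keeps a valid username from being distinguishable by response time; neither is required by the five policies, but both are what a practitioner would expect alongside them.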
Seriously, these are so obvious that I haven’t even written about them all in one post before. I confess that I have sometimes forgotten one or more of them.
Don’t get complacent. Fix these now.