Monday, January 7, 2013

Password Management

Password management can be run in a centralised or decentralised manner. The advantage of a decentralised model is that in cases such as lost passwords, the person on the IT helpdesk is more likely to be able to make a positive identification of the individual.

The IT department should create minimum standards for:
  • minimum password length
  • the number of previous passwords stored to avoid their re-use
  • obvious passwords which may not be used (if a dictionary checker is not in use)
  • password life
  • the number of access attempts allowed before a user is disconnected
These can be flexed according to the security needs of the system.
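
The five standards listed above can be written down as one policy object and enforced in code. The following is an added example, not part of the original post; the numeric values, the banned-word list and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class PasswordPolicy:
    # All defaults are assumed values; flex them per system.
    min_length: int = 12        # minimum password length
    history_depth: int = 5      # previous passwords stored to block re-use
    banned: frozenset = frozenset({"password", "letmein", "qwerty123456"})
    max_age_days: int = 90      # password life
    max_attempts: int = 5       # failed attempts before disconnect

def hash_password(password, salt=None):
    """Return (salt, digest). History holds these, never the plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def violations(policy, candidate, history):
    """List every rule the candidate breaks; an empty list means accepted."""
    found = []
    if len(candidate) < policy.min_length:
        found.append("too short")
    if candidate.lower() in policy.banned:
        found.append("obvious password")
    # Only the most recent history_depth entries count (oldest first in list).
    recent = history[-policy.history_depth:] if policy.history_depth else []
    for salt, digest in recent:
        # Re-hash with the stored salt and compare in constant time.
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            found.append("re-used")
            break
    return found

def is_expired(policy, last_changed, now):
    """True once the password has outlived the policy's password life."""
    return now - last_changed > timedelta(days=policy.max_age_days)

def register_failure(policy, failed_so_far):
    """Return (new_count, disconnect) after one more failed attempt."""
    count = failed_so_far + 1
    return count, count >= policy.max_attempts
```

The banned set stands in for the "obvious passwords" list; where a dictionary checker is in use it would replace that lookup.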