Safe Password Practices

BY JAMES F. LEON

Editor's note: This is a Web-exclusive exhibit for "Password Management Strategies for Safer Systems."

  Advise users to never put their password on a Post-it Note or in another unsafe location.

  Prohibit users from including a clear-text password in an e-mail message.

  Require users to consult a manager when an unfamiliar person asks for a password via e-mail or over the phone.

  Tell users to always say “No” when Windows or any other software offers to save their password.

  Require all employees to change their password at least every one to two months.

  Lock out of the system any user who has been unable to log on after three attempts.

  Store salt values and passwords in separate system tables.
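The last two items, shown together as an added example (not part of the original exhibit): salts and password hashes are kept in separate tables, and an account locks after three failed logons. The table names, function names, SQLite backing store and PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

MAX_ATTEMPTS = 3  # lockout threshold stated in the list above

def open_store():
    """In-memory demo store: salts and hashes are kept in separate tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user_salt  (username TEXT PRIMARY KEY, salt BLOB NOT NULL);
        CREATE TABLE user_hash  (username TEXT PRIMARY KEY, pw_hash BLOB NOT NULL);
        CREATE TABLE user_state (username TEXT PRIMARY KEY, failures INTEGER NOT NULL DEFAULT 0);
    """)
    return db

def _derive(password, salt):
    # PBKDF2-HMAC-SHA256; the iteration count is an assumption, tune it for your hardware.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(db, username, password):
    salt = os.urandom(16)  # unique random salt per user
    with db:  # one transaction across the three tables
        db.execute("INSERT INTO user_salt VALUES (?, ?)", (username, salt))
        db.execute("INSERT INTO user_hash VALUES (?, ?)", (username, _derive(password, salt)))
        db.execute("INSERT INTO user_state (username) VALUES (?)", (username,))

def _one(db, sql, username):
    row = db.execute(sql, (username,)).fetchone()
    return row[0] if row else None

def login(db, username, password):
    """Return 'ok', 'denied' or 'locked'."""
    failures = _one(db, "SELECT failures FROM user_state WHERE username = ?", username)
    if failures is None:
        return "denied"  # unknown user
    if failures >= MAX_ATTEMPTS:
        return "locked"  # a locked account refuses even the correct password
    salt = _one(db, "SELECT salt FROM user_salt WHERE username = ?", username)
    stored = _one(db, "SELECT pw_hash FROM user_hash WHERE username = ?", username)
    ok = hmac.compare_digest(_derive(password, salt), stored)  # constant-time compare
    failures = 0 if ok else failures + 1
    with db:
        db.execute("UPDATE user_state SET failures = ? WHERE username = ?", (failures, username))
    if ok:
        return "ok"
    return "locked" if failures >= MAX_ATTEMPTS else "denied"
```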

Also read these other Web-exclusive exhibits:
Offense and Defense
Glossary of Key Terms

 
