Safe Password Practices

BY JAMES F. LEON

Editor's note: This is a Web-exclusive exhibit for "Password Management Strategies for Safer Systems."

  Advise users to never put their password on a Post-it Note or in another unsafe location.

  Prohibit users from including a clear-text password in an e-mail message.

  Require users to consult a manager when an unfamiliar person asks for a password via e-mail or over the phone.

  Tell users to always say “No” when Windows or any other software offers to save their password.

  Require all employees to change their password at least every one to two months.

  Lock out of the system any user who has been unable to log on after three attempts.

  Store salt values and passwords in separate system tables.
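An added example, not part of the original exhibit, showing the last two checklist items together: a lockout after three failed logons and salts kept in a separate table from the password hashes. The table and column names, the in-memory SQLite store, and the choice of PBKDF2-HMAC-SHA256 with 200,000 iterations are assumptions made for illustration.

```python
import hashlib, hmac, os, sqlite3

MAX_ATTEMPTS = 3  # the checklist's lockout threshold

def open_store():
    # In-memory database for the demo; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user_hashes (username TEXT PRIMARY KEY, pw_hash BLOB NOT NULL,
                                  failures INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE user_salts  (username TEXT PRIMARY KEY, salt BLOB NOT NULL);
    """)
    return db

def derive(password, salt):
    # PBKDF2-HMAC-SHA256 is this example's choice; the page names no algorithm.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)

def enroll(db, username, password):
    salt = os.urandom(16)  # unique random salt per user
    with db:  # one transaction: both rows are written or neither is
        db.execute("INSERT INTO user_salts VALUES (?, ?)", (username, salt))
        db.execute("INSERT INTO user_hashes (username, pw_hash) VALUES (?, ?)",
                   (username, derive(password, salt)))

def login(db, username, password):
    """Return 'ok', 'denied' or 'locked'."""
    row = db.execute("SELECT h.pw_hash, h.failures, s.salt FROM user_hashes h "
                     "JOIN user_salts s ON s.username = h.username "
                     "WHERE h.username = ?", (username,)).fetchone()
    if row is None:
        return "denied"  # unknown user gets the same answer as a wrong password
    pw_hash, failures, salt = row
    if failures >= MAX_ATTEMPTS:
        return "locked"  # stays locked even if the right password arrives later
    if hmac.compare_digest(pw_hash, derive(password, salt)):  # constant-time compare
        with db:
            db.execute("UPDATE user_hashes SET failures = 0 WHERE username = ?", (username,))
        return "ok"
    with db:
        db.execute("UPDATE user_hashes SET failures = failures + 1 WHERE username = ?", (username,))
    return "locked" if failures + 1 >= MAX_ATTEMPTS else "denied"

def unlock(db, username):
    # Administrative reset after the user's identity has been verified out of band.
    with db:
        db.execute("UPDATE user_hashes SET failures = 0 WHERE username = ?", (username,))
```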
