Safe Password Practices

BY JAMES F. LEON

Editor's note: This is a Web-exclusive exhibit for "Password Management Strategies for Safer Systems."

  Advise users to never put their password on a Post-it Note or in another unsafe location.

  Prohibit users from including a clear-text password in an e-mail message.

  Require users to consult a manager when an unfamiliar person asks for a password via e-mail or over the phone.

  Tell users to always say “No” when Windows or any other software offers to save their password.

  Require all employees to change their password at least every one to two months.

  Lock out of the system any user who has been unable to log on after three attempts.

  Store salt values and passwords in separate system tables.

Also read these other Web-exclusive exhibits:
Offense and Defense
Glossary of Key Terms

 

SPONSORED REPORT

Click-through nexus: Pushing the boundaries of sales tax compliance

Sales and use tax compliance has been complicated by nexus expansion. In this report, we provide an overview of this issue and include a handy state-by-state summary of click-through nexus or notification requirements.

QUIZ

News quiz: Making allowances for the kids and the economy

Recent news gives CPAs insight into Americans’ attitudes about children and money and gauges outlook on the economy. See how much you know about recent news and reports with this quiz.

CHECKLIST

Auditing risks in culture

Cultural flaws can seriously damage an organization. Here’s how internal auditors can reduce risks by embedding culture audits into existing audit programs.