Safe Password Practices


Editor's note: This is a Web-exclusive exhibit for "Password Management Strategies for Safer Systems."

  Advise users to never put their password on a Post-it Note or in another unsafe location.

  Prohibit users from including a clear-text password in an e-mail message.

  Require users to consult a manager when an unfamiliar person asks for a password via e-mail or over the phone.

  Tell users to always say “No” when Windows or any other software offers to save their password.

  Require all employees to change their password at least every one to two months.

  Lock out of the system any user who has been unable to log on after three attempts.

  Store salt values and passwords in separate system tables.



