Editor's note: This is a Web-exclusive exhibit for "Password Management Strategies for Safer Systems."
Advise users to never put their password on a Post-it Note or in another unsafe location.
Prohibit users from including a clear-text password in an e-mail message.
Require users to consult a manager when an unfamiliar person asks for a password via e-mail or over the phone.
Tell users to always say “No” when Windows or any other software offers to save their password.
Require all employees to change their password at least every one to two months.
Lock out of the system any user who has been unable to log on after three attempts.
Store salt values and passwords in separate system tables.
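
The last two items, sketched as an added example that is not part of the original exhibit: salts and password hashes kept in separate SQLite tables, with lockout after three failed logons. The table and function names, the in-memory database and the choice of PBKDF2 are assumptions made for illustration.

```python
import hashlib, hmac, os, sqlite3

MAX_ATTEMPTS = 3  # lockout threshold stated in the exhibit

def open_store():
    db = sqlite3.connect(":memory:")  # assumption: in-memory DB for the demo
    # Salts and password hashes live in separate tables, per the exhibit.
    db.execute("CREATE TABLE salts (username TEXT PRIMARY KEY, salt BLOB NOT NULL)")
    db.execute("CREATE TABLE credentials (username TEXT PRIMARY KEY, pw_hash BLOB NOT NULL,"
               " failed INTEGER NOT NULL DEFAULT 0, locked INTEGER NOT NULL DEFAULT 0)")
    return db

def derive_hash(password, salt):
    # Assumption: PBKDF2-HMAC-SHA256; the exhibit does not name an algorithm.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(db, username, password):
    salt = os.urandom(16)  # fresh random salt per user
    with db:
        db.execute("INSERT INTO salts VALUES (?, ?)", (username, salt))
        db.execute("INSERT INTO credentials (username, pw_hash) VALUES (?, ?)",
                   (username, derive_hash(password, salt)))

def log_on(db, username, password):
    """Return 'ok', 'denied' or 'locked'."""
    row = db.execute(
        "SELECT c.pw_hash, c.failed, c.locked, s.salt FROM credentials c"
        " JOIN salts s ON s.username = c.username WHERE c.username = ?",
        (username,)).fetchone()
    if row is None:
        return "denied"
    pw_hash, failed, locked, salt = row
    if locked:
        return "locked"  # a locked account refuses even the correct password
    if hmac.compare_digest(pw_hash, derive_hash(password, salt)):
        failed, result = 0, "ok"  # success resets the failure counter
    else:
        failed += 1
        locked = int(failed >= MAX_ATTEMPTS)
        result = "locked" if locked else "denied"
    with db:
        db.execute("UPDATE credentials SET failed = ?, locked = ? WHERE username = ?",
                   (failed, locked, username))
    return result
```
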