Nov 17, 2011

How much attention do you pay to the passwords used by your company's employees?

Do you guide employees at your company on the creation of passwords? There is a fair amount of mixed use of laptops at my office, since people are allowed to take them home and we don't have any strict policy about personal/business use beyond restricting downloads of applications. Songs, video, email are all fine for people to use on their work laptops. Most of the data on those laptops that is of the sort that we would not wish compromised is either in spreadsheets or email conversations. After reading about how weak common passwords are, I'm not so sure that I want to continue to leave it up to the individual. Do you have a hand in creation of passwords at your office, and if so do you just offer guidance or mandate use of a password manager?



Not enough, judging from this year's SplashData ranking of top stolen passwords posted by hackers:

1. password

2. 123456

3. 12345678

4. qwerty

5. abc123


Hard to believe people actually rely on such weak passwords, but there you go.


I would suggest that you encourage your employees who use personal passwords to try out a password generator. There are a lot of choices, but here is an easy one: http://www.pctools.com/guides/password/


Hi RomanZ,

Here's a helpful guide on passwords. You might find this helpful. I think some sort of guidelines are very important since most employees will be clueless about the necessity of password security.

Information Technology Security Password Guidelines

Passwords are a critical part of information and network security. Passwords serve to protect user accounts but a poorly chosen password, if compromised, could put the entire network at risk. As a result, all employees of The College of New Jersey should take appropriate steps to ensure that they create strong, secure passwords and safeguard them at all times. The purpose of these guidelines is to set a standard for creating, protecting, and changing passwords such that they are strong, secure, and protected.

These guidelines apply to all employees of the College who have or are responsible for a computer account, or any form of access that supports or requires a password, on any system that resides at any College facility, or has access to The College of New Jersey's network.

What is a password? Your computer password is your personal key to a computer system. Passwords help to ensure that only authorized individuals access computer systems. Passwords also help to determine accountability for all transactions and other changes made to system resources, including data. If you share your password with a colleague or friend, you may be giving an unauthorized individual access to the system and may be held responsible for their actions. What if the individual gives your password to someone else? What if some of your files are deleted or otherwise rendered unusable? Are you willing to take the blame if an unauthorized individual uses your access privileges to damage the information on the system or to make unauthorized changes to data?

Authentication of individuals as valid users, via the input of a valid password, is required to access any shared computer information system. Each user is accountable for the selection, confidentiality and changing of passwords required for authentication purposes. Since you are responsible for picking your own password, it is important to be able to tell the difference between a good password and a bad one. Bad passwords jeopardize information that they are supposed to protect. Good ones do not.