Inadequate Password Policies Can Lead to Problems
- Abstract
- This paper explores the security administrator's overall duty to reasonably ensure the security of the network, and how he/she can fulfill it by setting policies commensurate with the risks of data loss, financial damage, theft of information, public embarrassment and/or reduction in shareholder/stakeholder value. The administrator should set policies that cover how passwords are stored, how they are changed, how frequently they should be changed, and the fiduciary duties of the users, management and network administrators. Once clearly communicated, these password policies are a good start to security in the workplace.