Saturday, April 18, 2009

Password Proposal

From the desk of Christopher M. Edwards

Memorandum 11.2

Password Security


Members of the board:

As you are all aware, last week we had a major security breach into our company. After looking into it further, we have discovered that the breach was caused by an employee who had used her daughter's birth date as her password. In Memorandum 11.1 I had warned against using such passwords because they are among the easiest to hack. Anyone who has access to personal information can use methods of deduction to decipher common passwords such as birth dates, hobbies, or anniversaries. It is my professional opinion that we need to take further steps to prevent future breaches into our company.

By changing certain features that are stored in the password protection files, we can require passwords to meet certain parameters before they can be used. If these changes are implemented, we can require that passwords be at least a certain length, that they are not words found in a dictionary, and that they contain a mix of lowercase letters, uppercase letters, symbols and numbers.

Other features can be altered to change how long a password is good for. This makes sure that employees change their passwords often enough that, if someone does hack into the system using a known password, that password is only good for so long before it must be changed again. We can also prevent the same password from being reused within a certain time period. If you have used the password within a given number of changes, you will not be able to use it again until a sufficient period of time has elapsed.

If we make these changes, it will go a long way towards maintaining our company's internal and external security, as well as giving peace of mind to everyone that our information is secure.

Thank you,

Christopher M. Edwards
Network Manager