If you are worried about the security of your accounts on the many websites and company systems you use, there is good reason to be. As people, businesses and organizations of every kind establish an online presence, attackers try to pry open those sites and networks, and the easiest way in is often to guess or crack a password. Whatever the attacker's motivation, a compromised account becomes an entry point that exposes everything behind it. This is the main reason well-run companies protect their digital information by enforcing a password policy.
A password policy is a set of rules that an organization lays down to improve computer security. The rules are imposed on every user of the organization's systems, because each account is a possible entry point for an external attack. The policy aims to get users to choose strong passwords, to handle them carefully and, in many policies, to change them periodically. It is usually delivered as part of security awareness training, either as advisory guidance or enforced through technical controls (for example, the system rejecting a new password that does not meet the rules).
Here are the usual concerns that password policies try to adequately cover:
1. Password Strength
• Policies usually require a minimum length. Eight characters is common, but longer passwords are generally stronger and many policies now require more. Some systems also impose a maximum length for compatibility with legacy systems; the old Windows LAN Manager hash, for example, could not handle more than 14 characters.
• To make guessing harder, policies commonly require a mix of character classes: upper- and lower-case letters, digits and special characters.
• Policies may disallow passwords that appear in a dictionary or on lists of commonly used passwords, as well as proper nouns, brand names and values that match personal information such as birthdates, phone numbers or licence-plate numbers. Enforcing this requires the system to check candidate passwords against such a list when they are set.
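The rules above are the kind a system can enforce automatically when a user sets a password. The following is an added illustration, not code from the original page: a small policy checker that applies a minimum and optional maximum length, a character-class requirement, a deny-list lookup and a check for personal information. The deny-list is a constructed stand-in for a real list of common or breached passwords, and the function and parameter names are this example's own. It goes slightly beyond the text by undoing common "leet" substitutions and stripping trailing digits before the deny-list lookup, so that a variant such as P@ssw0rd123 is still caught.

```python
import string

# Constructed, tiny deny-list standing in for a real list of common or breached passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin", "iloveyou"}

# Common "leet" substitutions, undone before the deny-list lookup so that
# P@ssw0rd123 is still recognised as "password".
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def normalize(password):
    """Lower-case, drop trailing digits/punctuation and undo leet substitutions."""
    core = password.lower().rstrip(string.digits + string.punctuation)
    return core.translate(LEET)


def count_classes(password):
    """Number of character classes (lower, upper, digit, special) present."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])


def check_password(password, min_length=8, max_length=None,
                   required_classes=3, personal_terms=()):
    """Return the list of policy rules the password violates (empty means acceptable).

    personal_terms: strings such as the user's name, birth year or plate number
    that must not appear in the password (hypothetical parameter for this example).
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if max_length is not None and len(password) > max_length:
        problems.append(f"longer than {max_length} characters (legacy system limit)")
    classes = count_classes(password)
    if classes < required_classes:
        problems.append(f"uses {classes} character class(es); {required_classes} required")
    # Check both the raw lower-cased password and its normalised form, so that
    # "123456" (which normalises to an empty string) is still caught.
    if password.lower() in COMMON_PASSWORDS or normalize(password) in COMMON_PASSWORDS:
        problems.append("is a common password or a trivial variant of one")
    lowered = password.lower()
    for term in personal_terms:
        if len(term) >= 4 and term.lower() in lowered:
            problems.append(f"contains personal information ({term})")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd123", "Alice1990!", "correct horse battery staple", "Xk9#mQ2vLp!r"):
        print(candidate, "->", check_password(candidate, personal_terms=["Alice", "1990"]) or "OK")
```

Note what the character-class rule does to "correct horse battery staple": a long, hard-to-guess passphrase is rejected because it contains only lower-case letters, while a much shorter string that happens to mix classes passes. That is the usability cost of complexity rules that the policy discussion later in this page alludes to, and a reason many policies now weigh length more heavily than class mix.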
2. Periodic Changing of Passwords
• Password policies can require users to change passwords periodically. This is a common countermeasure against a password that has already been stolen without anyone noticing, but a short expiration interval is a burden on users.
• The risk of frequent changes is that users end up with weaker passwords, typically small variations of the old one (a changed suffix or an incremented year). To stop outright reuse, policies may keep a password history and reject any new password that appears in it. Better still, users can be given a password manager, which generates new random passwords, keeps the history and makes the passwords easy to retrieve and use.
• A password manager also removes the need to memorize passwords, since it can fill in credentials and log the user into networks and accounts automatically.
• Because periodic changes tend to produce weak passwords, some companies instead require users to create long, strong passwords that do not expire and that an attacker cannot feasibly guess. The drawback is that if an unauthorized person does obtain such a password and uses it without being detected, it stays valid indefinitely, so this approach depends on being able to detect misuse of an account.
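An added example, not code from the original page, of how a system can keep a password history without storing old passwords in the clear, and why history alone does not stop the "Winter2023! becomes Winter2024!" pattern described above. Each remembered password is stored as a salted PBKDF2-HMAC-SHA256 hash; a reuse check means hashing the candidate under each stored salt. Because the user supplies the current password when changing it, the change handler can also reject a new password that is a trivial variant of the current one, which no hash comparison could detect. The class, method names and the work factor are this example's own choices.

```python
import hashlib
import hmac
import os
import string


def _strip_suffix(password):
    """The part of a password that users typically keep when "changing" it."""
    return password.lower().rstrip(string.digits + string.punctuation) or password.lower()


def trivial_variant(old, new):
    """True when new differs from old only by case or a trailing digit/punctuation suffix."""
    return _strip_suffix(old) == _strip_suffix(new)


class PasswordHistory:
    """Salted, slow-hashed history of one user's recent passwords (example code)."""

    def __init__(self, keep=5, iterations=200_000):
        self.keep = keep              # how many passwords to remember, current one included
        self.iterations = iterations  # PBKDF2 work factor; lower it only for testing
        self.entries = []             # list of (salt, digest); the last entry is the current password

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.iterations)

    def _matches(self, password, entry):
        salt, digest = entry
        # Constant-time comparison so timing does not leak which entry matched.
        return hmac.compare_digest(self._hash(password, salt), digest)

    def _store(self, password):
        salt = os.urandom(16)
        self.entries.append((salt, self._hash(password, salt)))
        del self.entries[:-self.keep]  # forget everything older than the last `keep` entries

    def was_used(self, password):
        """True if the candidate equals any remembered password (current one included)."""
        return any(self._matches(password, e) for e in self.entries)

    def verify_current(self, password):
        return bool(self.entries) and self._matches(password, self.entries[-1])

    def set_initial(self, password):
        """Enrol the user's first password."""
        self._store(password)

    def change_password(self, current, new):
        """Return None on success, otherwise the reason the change was refused."""
        if not self.verify_current(current):
            return "current password is incorrect"
        if trivial_variant(current, new):
            return "new password is a trivial variant of the current one"
        if self.was_used(new):
            return "new password was used recently"
        self._store(new)
        return None


if __name__ == "__main__":
    history = PasswordHistory(keep=3)
    history.set_initial("Winter2023!")
    print(history.change_password("Winter2023!", "Winter2024!"))   # refused: trivial variant
    print(history.change_password("Winter2023!", "rZ7!qpLm2Vx"))   # None: accepted
    print(history.change_password("rZ7!qpLm2Vx", "Winter2023!"))   # refused: still in history
```

Two practical points follow from the code. First, a history of `keep` entries only prevents reuse within that window; once enough changes have happened, the original password is accepted again, which is one more reason frequent rotation buys little on its own. Second, the variant check is only possible at change time, when the plaintext of the current password is in hand; it cannot be applied retroactively to the stored hashes.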
3. Enforcing Best Practices for Password Management
• The password policy must be simple, practical and easy to remember. Complex policies are harder to enforce.
• A study of real-world password policies (Florêncio and Herley, 2010) found that the most stringent policies were at organizations that do not have to compete for users, and that such organizations "do not have greater security concerns; they are simply better insulated from the consequences of poor usability."
• Violating the policy may bring sanctions, ranging from a warning to a formal reprimand, loss of computer privileges or dismissal. Where the confidentiality of the data is mandated by law, a violation that exposes it can also carry legal consequences.
Protecting passwords matters because the threats are many. Attackers have different motivations, but whatever the reason, a break-in can cause unpredictable disruption to operations or, at the very least, expose sensitive information. That is why companies create and enforce password policies.