Thursday, February 25, 2021

Password and its Management

Password and Password Management

In today's digital world everyone deals with the term "Password". Some say it is like your toothbrush: never share it. Most of us now hold accounts at many services (banking, email, social networking, education and so on), each protected by a user ID and a password. Both matter, and both should be kept confidential. A password is nothing more than a secret string chosen by the user and presented during authentication to prove who they are.

Passwords were meant to be memorised and typed only when prompted. If you share a password, handle it carelessly, or someone steals and misuses it, a security threat arises that can cause serious damage or loss.

A password is a string of letters, digits and symbols. Password management deserves serious attention. A password must be complex enough that it cannot be guessed. Do not use simple values such as your name, date of birth or mobile number: they are the easiest to guess and are readily collected through social engineering. In a brute-force attack the attacker tries candidate strings one after another until one is accepted; in a dictionary attack the candidates come from a list of common passwords and their variations, which is why a dictionary word with a year or "!" appended falls in seconds. Length matters more than a forced mix of character classes: a long passphrase resists exhaustive guessing far better than a short "complex" password.

It is also advisable to avoid the following passwords, which are among the most common in breached-password lists and are the first ones any attacker tries:

  • 123456
  • 999999
  • 000000
  • Delete
  • Mysecret
  • 111111111
  • 123123
  • Iloveyou

Some well-regarded password managers, each of which stores the vault encrypted under a single master password so that every other password can be long and unique, are listed below:

  • Bitwarden
  • 1Password
  • KeePassXC
  • KeePass
  • Enpass (enpass.io)
  • Zoho Vault
  • Dashlane

An organisation should have a documented password management policy. ISO 27001:2013 control A.9.4.3 (Password management system) requires that password management systems be interactive and ensure quality passwords.

A sample password management policy:

  • All passwords must be at least 8 characters long and contain both letters and digits; longer passphrases are preferred.
  • At least two of the characters must be digits.
  • At least one special character is required.
  • The password must not be a single dictionary word, with or without a digit or symbol tacked on the end.
  • The password must not be easily guessed personal information such as a name, date of birth, mobile number or vehicle number.
  • Passwords must never be sent over the public internet or messaging services (email, chat, SMS).
  • Do not reuse the same password across multiple accounts; a breach of one service then exposes the others (credential stuffing).
  • Do not write passwords on paper or on a board, at the workplace or at home.
  • A new password must differ from those in the user's password history; the system should keep hashes of recent passwords and reject a match.
  • After a set number of consecutive failed login attempts (for example 3 to 5), the account should be locked or further attempts delayed, so that online guessing is throttled.
  • Two-factor authentication should be enabled wherever it is available, adding a layer beyond the password itself.
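The sample policy above, together with the earlier point about guessable passwords, as an added example (not code from the original post): a small Python checker that turns the list into executable rules (length, digits, special characters, dictionary word, personal information, password history kept as salted hashes) and reports a rough brute-force search-space figure. The function names (check_password, hash_for_history, brute_force_bits), the constructed WEAK_WORDS list and the sample inputs are this example's own assumptions; the thresholds are the post's sample values.

```python
"""Password-policy checker: an added example, not code from the original post."""
import hashlib
import hmac
import math
import os
import re
import string
from typing import List, Optional, Tuple

# Sample policy thresholds taken from the list above.
MIN_LENGTH = 8
MIN_DIGITS = 2
MIN_SPECIAL = 1

# Constructed word list: the post's common-password examples plus a few
# dictionary words. A real deployment loads a large breached-password list.
WEAK_WORDS = {
    "123456", "999999", "000000", "delete", "mysecret", "111111111",
    "123123", "iloveyou", "password", "qwerty", "welcome", "admin",
    "letmein", "summer", "monkey", "dragon",
}

SALT_LEN = 16
PBKDF2_ROUNDS = 200_000


def hash_for_history(password: str, salt: Optional[bytes] = None) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 entry (salt || digest) for the history store.
    History is kept as hashes, never plaintext, yet can still answer
    "was this password used before?"."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt + digest


def in_history(password: str, history: List[bytes]) -> bool:
    """True if the password matches any stored salt || digest entry."""
    for entry in history:
        salt, digest = entry[:SALT_LEN], entry[SALT_LEN:]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
        if hmac.compare_digest(candidate, digest):  # constant-time compare
            return True
    return False


def check_password(password: str,
                   personal_info: Tuple[str, ...] = (),
                   history: Optional[List[bytes]] = None) -> List[str]:
    """Return the policy violations; an empty list means the password passes."""
    problems: List[str] = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        problems.append("contains no letters")
    if sum(c.isdigit() for c in password) < MIN_DIGITS:
        problems.append(f"fewer than {MIN_DIGITS} digits")
    if sum(c in string.punctuation for c in password) < MIN_SPECIAL:
        problems.append("no special character")

    # "Not a single dictionary word": reject the password itself and the
    # password with digits/symbols stripped ("Summer2021!" -> "summer"),
    # because appending a year or "!" is the first mutation a cracker tries.
    core = re.sub(r"[^a-z]", "", lowered)
    if lowered in WEAK_WORDS or (core and core in WEAK_WORDS):
        problems.append("is a common or dictionary word")

    # Personal information (name, date of birth, mobile number, ...).
    for item in personal_info:
        item = item.strip().lower()
        if len(item) >= 3 and item in lowered:
            problems.append(f"contains personal information ({item!r})")
            break

    # Password history: compare against stored hashes, never plaintext.
    if history and in_history(password, history):
        problems.append("matches a previously used password")
    return problems


def brute_force_bits(password: str) -> float:
    """Upper bound, in bits, on an exhaustive search over the character
    classes present: log2(alphabet ** length). This is the cost for a
    random password only; '123456' or a dictionary word falls in a few guesses."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 printable ASCII symbols
    return len(password) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    previous = [hash_for_history("Winter2021!!")]  # constructed history entry
    for pw in ("123456", "Summer2021!", "Rahul1990#Kumar", "Winter2021!!", "Tr0ub4dor&3!x"):
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits, "
              f"violations: {check_password(pw, ('Rahul', '1990'), previous) or 'none'}")
```

Two design points worth noting: the dictionary check strips digits and symbols before the lookup, so "Summer2021!" is rejected even though it satisfies every composition rule, and the history comparison runs the candidate through the same salted PBKDF2 as the stored entries and compares in constant time, so the policy can enforce "no reuse" without ever storing an old password in the clear.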

-DR


