BGSU
Office of the Chief Information Officer
Connect August 2005 Security Article
 

Password Management - A Necessity

by Kent Strickland


In spite of technology advances, passwords continue to be a popular protection mechanism due to relative ease of implementation and use.

 

With more people using more computer-based and network technologies, both at home and work, with more sensitive information at stake, and in the midst of an Internet environment that is ripe for identity theft, effective password management disciplines are more necessary than ever.

 

The following guidance on password use is from the ISO/IEC 17799:2005 Code of Practice for Information Security Management.

 

USERS ARE ADVISED TO:

 

  • keep passwords confidential;
  • avoid keeping a record (e.g. paper, software file or hand-held device) of passwords, unless this can be stored securely and the method of storing has been approved;
  • change passwords whenever there is any indication of possible system or password compromise;
  • select quality passwords with sufficient minimum length which are:

      > easy to remember;
      > not based on anything somebody else could easily guess or obtain using person-related information, e.g. names, telephone numbers, and dates of birth;
      > not vulnerable to dictionary attacks (i.e. do not consist of words included in dictionaries);
      > free of consecutive identical, all-numeric or all-alphabetic characters;

  • change passwords at regular intervals or based on the number of accesses (passwords for privileged accounts should be changed more frequently than normal passwords), and avoid re-using or cycling old passwords;
  • change temporary passwords at the first log-on;
  • not include passwords in any automated log-on process, e.g. stored in a macro or function key;
  • not share individual user passwords;
  • not use the same password for business and non-business purposes.

 

The above disciplines are especially important when the same user id and password are used to access multiple systems. Keep in mind that if you maintain a personal Web site or online journal where information about you, such as interests or hobbies, is publicly available, that information could be used by attackers to guess your passwords.
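The quality rules listed above can be checked automatically when a user picks a new password. The following sketch is an added example, not part of the original article or of ISO/IEC 17799; the function name, the 10-character minimum and the small word list are assumptions made for illustration.

```python
import re

# Constructed sample data: a real deployment would load a full word list
# and take person-related values from the user's account record.
SAMPLE_DICTIONARY = {"password", "falcon", "summer", "welcome", "dragon"}
MIN_LENGTH = 10  # assumed; the guidance only says "sufficient minimum length"


def quality_problems(password, personal_info=(), dictionary=SAMPLE_DICTIONARY,
                     min_length=MIN_LENGTH):
    """Return the list of quality rules that `password` breaks (empty = OK)."""
    problems = []
    lowered = password.lower()

    if len(password) < min_length:
        problems.append("too short")
    if password.isdigit():
        problems.append("all-numeric")
    if password.isalpha():
        problems.append("all-alphabetic")
    # The same character two or more times in a row, e.g. "mm" or "00".
    if re.search(r"(.)\1", password):
        problems.append("consecutive identical characters")

    # Substring match so "Falcon2015!" is still caught; words under four
    # letters are skipped to limit false positives with large word lists.
    if any(len(w) >= 4 and w in lowered for w in dictionary):
        problems.append("dictionary word")

    # Person-related values (names, phone numbers, birth dates): compare each
    # part and the separator-free whole against the separator-free password.
    squashed = re.sub(r"[^a-z0-9]", "", lowered)
    for item in personal_info:
        parts = re.findall(r"[a-z0-9]+", item.lower())
        candidates = parts + ["".join(parts)]
        if any(len(c) >= 3 and c in squashed for c in candidates):
            problems.append("contains personal information")
            break
    return problems


if __name__ == "__main__":
    # Constructed test passwords and personal details.
    for pw in ("19800412", "summertime", "Falcon2015!", "Rivera#1947x",
               "t7#Kq9!mZw2$"):
        print(pw, quality_problems(pw, ["Jordan Rivera", "1980-04-12"]))
```

The personal-information list should include anything a user has published about themselves, since that is exactly what an attacker would try first.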

 

For additional information, security advice and policies see www.bgsu.edu/its/security/advice/tips/page11126.html

 

 

 