Posts Tagged ‘password audit’

Why you should crack your passwords

Friday, February 19th, 2010

Computer security audit

Your organization probably has a written password policy. Accordingly you also have different technical implementations of that policy across your various systems. Most of the implementations does not match the exact requirements or guidelines given in the written policy, because they cannot be technically implemented.

(more…)

Officers of Indian Customs To Be Punished For Password Breach

Wednesday, June 3rd, 2009

The Central Board of Excise and Customs of India claimed that compromised passwords are the biggest threat to system security. Despite elaborate instructions on passwords, which all employees are supposed to follow, “instances of password compromise continue to recur with unfailing regularity”, an unnamed official says.

Sharing of passwords was identified as one of the main reasons of unauthorized access and information leakage. According to CBEC representative, officers who share their passwords with others should “be regarded as being in collusion in the fraud that results”. To prevent insecure use of passwords CBEC plans to introduce a set of measures, including disciplinary action and even dismissal from the Government service.   

Penalty threat may not be the most effective solution. In case of password breach, complex countermeasures are required, and regular password audit is a significant part of it. If it is required that users change their passwords every 30 days, then system administrators have to perform password audits with the same regularity. There is a lot of both free and commercial auditing tools that allow to check password security.

Source: Business Line