Writing a Password Policy
Passwords have been around for as long as the internet has, and if you count your ATM PIN codes, even longer. They were used in Roman times and were critically important in the Battle of Normandy…a battle my father fought in. Here is an interesting snippet from Wikipedia.
Passwords in military use evolved to include not just a password, but a password and a counterpassword; for example in the opening days of the Battle of Normandy, paratroopers of the U.S. 101st Airborne Division used a password—flash—which was presented as a challenge, and answered with the correct response—thunder. The challenge and response were changed every three days. American paratroopers also famously used a device known as a “cricket” on D-Day in place of a password system as a temporarily unique method of identification; one metallic click given by the device in lieu of a password was to be met by two clicks in reply.
We use passwords for our home alarm systems, to get into our bank accounts, and to retrieve email. They secure our 401(k)s, tax returns and photo libraries. They are important, and increasingly so as we, both personally and as non-profit organizations, are under constant attack by those who’d love to get into our stuff. But how many of us know how to write a strong password security policy? If you are responsible for your organization’s security, you need to know.
Password Policy Template
I ran across an excellent blog post over the weekend that should help your thinking when crafting a good password policy for your ministry team or faculty. It was called Password Policy Template, but it offered more than just that. Some of the key takeaways include:
- Password Creation
  - A password should be unique, with meaning only to the employee who chooses it.
  - Employees must choose unique passwords for all of their company accounts, and may not use a password that they are already using for a personal account.
  - All passwords must be changed regularly, with the frequency varying based on the sensitivity of the account in question.
- Protecting Passwords
  - Employees may never share their passwords with anyone else, period!
  - Employees must refrain from writing passwords down and keeping them at their workstations.
There were other nice tips there as well. Read the article for more.
Complex Password Generators:
- Sorry, But Your Browser Password Manager Probably Isn’t Enough (Wired)
- Geeky goodness about password strength from Wikipedia