Search:

10 Guidelines for Managing Passwords in the Enterprise

Today the world is totally dependent on information technology, and many corporations struggle to effectively manage and store passwords securely for their employees. Every other day you hear of large companies exposing customer account details to non-intended audiences, due mainly to poorly managed IT systems and processes. The confidentiality and integrity of sensitive data is paramount to the operations of any size business, and the following guidelines should be considered when choosing any type of electronic password management system (PMS).

1. Remove the need for employees to remember passwords, or even worse, write them down
A key cause of bad password management practices is many employees don’t have a system in which to records their passwords, resulting in them having to either remember them, or write them down and store them in an unsecure manner. The password management system (PMS) must provide adequate functionality, removing the need for employees to remember passwords.

2. Centralize the management of passwords
Centralization of an organization’s passwords is the first step in gaining control of the IT accounts used to operate their business, otherwise there is no visibility or governance of their usage.

3. Ensuring the integrity of sensitive data

To ensure the integrity of data stored in an electronic PMS, there are a few key things to consider:
a ) Passwords should be encrypted with 256bit AES encryption, and a unique Initialization Vector used for every install
b ) Users should authenticate against the PMS using their Microsoft Windows domain account credentials
c ) PMS must provide the option to use two-factor authentication for the user(s) who administer the system
d ) Sensitive code of the PMS should be obfuscated, to prevent reverse engineering by system or web administrators
e ) PMS must mitigated against system or database administrators granting themselves access to unauthorized data

4. Make the passwords easily accessible

Users must be able to get to the PMS from any location, must not rely on any client installs, and must give them quick and easy access to their passwords.

5. Must promote the use of strong passwords

The PMS must promote the use of strong passwords, of which the policy for password strength is set by the administrator(s) of the system. Visual representation of password strength must be available when entering passwords, or when reporting against, so the user is constantly reminded if a password’s strength is poor.

6. Must promote regular resetting of passwords

A key component of bad password management practices is not resetting passwords at regular intervals. The PMS must have one or more options for reminding users that passwords are about to expire.

7. Must be portable and recoverable

There is little use centralizing your organization passwords if you’re unable to get to them in case of a disaster. The PMS must provide the mechanism by which all passwords can be exported to a separate file, to be stored outside of existing IT systems – preferable with trusted security personnel.

8. Changes must be traceable and auditable

All large organizations require governance over access to IT systems, and its imperative the PMS must support traceability of all events within it, and must be easily reportable. This applies to standard usage by employees, or administration of the PMS.

9. Must be scalable
If you intend to implement an enterprise class PMS, its crucial the system can scale with your organization, otherwise your investment (time and money) may be wasted.

10. Must be simple to use

As with any IT system, acceptance by its audience is crucial to its success. Provide users with a poorly designed interface, and you will meet resistance at every step. To successfully employ a PMS and realize the benefits it can bring, the PMS must be very simple to use and provide the user community with sound help documentation if required.

Article Source: http://www.mycontentbuilder.com

Mark Sandford is author of this article on Secure Password Management. Find more information about Passwordstate here.

Please Rate this Article

Not yet Rated

Click the XML Icon Above to Receive Software Articles Via RSS!

Additional Articles From - Home | Computer | Software

Become a superhero with sensors - By : Alan Brooks
Choosing an AutoPlay Multimedia Software Development Tool - By : Colin Adams
The perfect application for ardent text messaging fans like you - By : Iren Birken
3 Ways to Install Joomla Content Management System - By : Roberto Bell
Keep step with the up-to-date SQL Schema Sync API! - By : Tatyana Ufimskaya
Backdoor Trojans - How To Remove Them - By : Kelvin Tenner
Backdoor Trojans - How To Remove Them - By : Kelvin Tenner
How to Fix DLL Errors Easily And Safely - By : Kelvin Tenner
Do Registry Cleaners Really Work? What Do They Do? - By : Kelvin Tenner
Fixing the Windows Registry For Optimal Performance - By : Kelvin Tenner

	Print This Article
	Add To Favorites
	Email to Friends
	Ezine Ready

Top Authors
Most Popular Articles
Ezine Notifications
Article RSS Feeds
Contact Us
About Us
Link to Us