What is Insufficient Security Configurability – No Password Policy Vulnerability?

A static password is the most common and easiest-to-manage authentication mechanism. It is the key to the kingdom, yet it is routinely weakened in the name of convenience: every recent high-profile breach that exposed user credentials has shown that the most frequently chosen passwords are still 123456, password and qwerty.

A weak password is one that is short, common, a system default, or anything that can be guessed quickly by a brute-force attack over a small subset of the possible password space: dictionary words, proper names, strings derived from the user name, or popular variations on these themes (appended digits, capitalised first letter, "leet" substitutions such as P@ssw0rd).

Implement and enforce a robust password policy: reject weak passwords, including those built from dictionary words or trivial variations of them, at the moment the password is set.
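A checker that rejects the weak-password classes just described, written for this article as an added example (it is not ZOFixer's scanner code). The minimum lengths, the common-password and vendor-default lists, and the leet-substitution table are assumptions constructed for the example; a real deployment would load a large breach-derived blocklist instead of the handful of entries shown.

```python
import re
from typing import List

# Assumed policy values (not from the original page): 12 characters for
# ordinary users, 15 for privileged (domain admin) accounts.
MIN_LENGTH = 12
ADMIN_MIN_LENGTH = 15

# Constructed blocklists for the example. A real policy would load a large
# breach-derived list (tens of millions of entries) instead.
COMMON_PASSWORDS = {
    "123456", "password", "qwerty", "letmein", "welcome", "iloveyou",
    "monkey", "dragon", "football", "abc123",
}
DEFAULT_PASSWORDS = {"admin", "root", "toor", "changeme", "default", "cisco"}

# Undo the usual "leet" substitutions so P@ssw0rd is recognised as password.
_LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})
# Digits and punctuation people typically append or prepend to a word.
_EDGE_NOISE = r"[\d!?.*#_-]+"


def _normalize(pw: str) -> str:
    """Reduce a password to its core word: lower-case, strip the digits and
    punctuation tacked on at either end, then undo leet substitutions.
    'P@ssw0rd2024!' -> 'password'."""
    core = pw.lower()
    core = re.sub(_EDGE_NOISE + "$", "", core)
    core = re.sub("^" + _EDGE_NOISE, "", core)
    return core.translate(_LEET)


def check_password(pw: str, username: str = "", is_admin: bool = False) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems: List[str] = []
    minimum = ADMIN_MIN_LENGTH if is_admin else MIN_LENGTH
    if len(pw) < minimum:
        problems.append(f"shorter than {minimum} characters")

    lowered = pw.lower()
    core = _normalize(pw)
    # Both the literal password and its normalised core are checked, so
    # 'Password1!' and 'P@ssw0rd2024' are caught as well as 'password'.
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if lowered in DEFAULT_PASSWORDS or core in DEFAULT_PASSWORDS:
        problems.append("is a vendor/system default")

    uname = username.lower()
    if len(uname) >= 3 and (uname in lowered or uname in core or (core and core in uname)):
        problems.append("derived from the user name")

    if len(set(lowered)) < 4:
        problems.append("too few distinct characters")
    return problems


if __name__ == "__main__":
    for candidate, user in [("password", "alice"), ("P@ssw0rd2024!", "alice"),
                            ("Alice2024!!", "alice"), ("correct horse battery staple", "alice")]:
        print(f"{candidate!r}: {check_password(candidate, user) or 'OK'}")
```

The normalisation step is what turns a plain blocklist into a policy that also catches the "popular variations": without it, `P@ssw0rd2024!` satisfies a 12-character minimum and every character-class rule while still being one of the first guesses any cracking wordlist makes.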

Best practices for password policy

  • Set a minimum password length.
  • Enforce a password-history policy that remembers at least the 10 previous passwords so that none of them can be reused.
  • Do not force rotation on a short fixed schedule. Current guidance (NIST SP 800-63B) is to require a change only when there is evidence of compromise; frequent forced changes push users toward predictable variants of the old password.
  • Passwords for service accounts should be reset once a year during maintenance.
  • Use strong passwords with at least 15 characters for domain admin accounts.
  • Where expiration is used, notify users by email before the deadline so they are not forced into a hurried, predictable change.
  • Instead of editing the Default Domain Policy, create granular policies and apply them only where they are needed: separate Group Policy Objects linked to specific organizational units, or Active Directory fine-grained password policies applied to particular users and groups.
  • Enterprise applications must support individual user accounts rather than shared group accounts, so that every action can be attributed to one person.
  • Enterprise applications must protect stored passwords with a salted, deliberately slow password hash (bcrypt, scrypt or Argon2) rather than reversible encryption, and must protect passwords in transit with TLS, so that a leaked database or captured traffic does not yield usable credentials.
  • Users (and programs) must not store passwords in plain text or in any easily reversible form, and must never send passwords over the network in clear text.
  • To reduce the security risks of stolen and mismanaged passwords, use multi-factor authentication (MFA) wherever possible.
  • When employees leave the company, disable their accounts and rotate any shared or service credentials they knew.
  • Be mindful of how passwords are sent over the Internet: submit them only to pages served over "https://", which encrypts the connection, never to "http://" pages, where the password crosses the network in clear text.
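The storage and history rules above in working form, as an added example rather than code from the original page: passwords are never stored, only a random salt and a memory-hard scrypt digest, verification is a constant-time comparison, and the last 10 records are kept so that reuse can be refused. The scrypt cost parameters and the record format (`scrypt$salt$digest`) are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import List

HISTORY_DEPTH = 10                                  # matches the history rule above
# Assumed scrypt cost parameters: 128*n*r = 16 MiB of memory per guess.
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1, dklen=32)


def _digest(password: str, salt: bytes) -> bytes:
    """Memory-hard KDF: each guess costs an attacker real memory and CPU time,
    unlike a plain SHA-256 that a GPU can evaluate billions of times a second."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)


def make_record(password: str) -> str:
    """Produce the string to store: scheme$salt$digest, base64-encoded.
    The random salt means two users with the same password get different
    records, so precomputed (rainbow) tables are useless against the store."""
    salt = os.urandom(16)
    return "scrypt$%s$%s" % (
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(_digest(password, salt)).decode("ascii"),
    )


def verify(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    try:
        scheme, salt_b64, digest_b64 = record.split("$")
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:        # malformed record (binascii.Error is a ValueError)
        return False
    if scheme != "scrypt":
        return False
    return hmac.compare_digest(_digest(password, salt), expected)


class Account:
    """Minimal account store: the current record plus the last HISTORY_DEPTH
    old ones, so the history rule is enforced without ever keeping a password."""

    def __init__(self, username: str, password: str) -> None:
        self.username = username
        self.record = make_record(password)
        self.history: List[str] = []    # previous records, oldest first

    def change_password(self, new_password: str) -> bool:
        """Return False if new_password matches the current or any remembered password."""
        if any(verify(new_password, old) for old in [self.record] + self.history):
            return False
        self.history.append(self.record)
        self.history = self.history[-HISTORY_DEPTH:]
        self.record = make_record(new_password)
        return True


if __name__ == "__main__":
    acct = Account("alice", "Winter-Sunrise-2024!")
    print(acct.record)                                   # nothing recoverable here
    print(acct.change_password("Winter-Sunrise-2024!"))  # False: reuse refused
    print(acct.change_password("Spring-Meadow-2025!"))   # True
    print(verify("Spring-Meadow-2025!", acct.record))    # True
```

Note what the history check costs: refusing reuse means running the KDF once per remembered record, which is exactly why the history must be a list of salted digests and not a list of old passwords or reversibly encrypted values; "encrypting" a password store only moves the problem to wherever the key lives.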

The ZOFixer.com security scan helps find this vulnerability in your software and servers; register on our website and activate the 30-day trial to use it.
