Information Security Password: Keep It Safe!
The UGA Password Policy states that poor password construction or management compromises the protection of information systems and infrastructure. Requirements for creating and managing passwords minimize these risks.
Target
This paper outlines the appropriate requirements for creating and maintaining passwords.
Area of implementation
This standard applies to passwords for all computing accounts on all network infrastructure, for instance at universities, and to the owners of those accounts, as well as to system managers and engineers who manage or develop applications that involve password authentication.
Password Construction
Minimum Length of Password
Passwords must contain at least 10 characters, with a combination of alphanumeric and basic characters. Further, the maximum number of characters permissible by this system is 10 password characters.
Composition of passwords
Well-known or widely posted identity details must not be used as passwords. Names, usernames like MyID, and ID numbers like 81x or UGAID are typical examples of identifiers that cannot be used as passwords.
Management of Passwords
Password Storage
Keep all passwords safe, and never write them down or record them together with the details or user names of the respective account.
Unencrypted applications such as email must not remember passwords. A program with protected password storage can be used, but close attention must be paid to securing access to that application.
Password History
Users must not re-use any of their last 5 previously used passwords.
Reuse of Login
Care shall be taken to avoid compromising the protection of several programs or services through a single username/password. Never re-use the username and password(s) of your UGA accounts for any non-UGA account or service.
Share and Transfer of Passwords
Credentials shall not be exchanged or shared with other users unless a user obtains sufficient authorization to do so.
If it is necessary to disseminate written passwords, adequate steps must be taken to avoid unauthorized access to the password. For example, destroy the record after you have memorized the password.
When sending a password verbally to an appropriate user, take steps to discourage unauthorized persons from overhearing the password.
Electronic Transmission
Passwords shall not be shared electronically over the Internet by unsecured means. Use secure protocols such as IMAPS, FTPS, HTTPS, etc. instead.
System Management Specifications
Apply Admin Codes
Systems shall not be configured to allow user login without a password. Exceptions may be given for specific devices such as public access kiosks, where the machines are designed for public user accounts that have highly limited (e.g. site only) permissions and are segregated from the administrative account(s).
Protection from Password Cracking
System operators shall harden their applications by implementing reasonable measures against “brute force” password attacks, to discourage password cracking. For example, after many unsuccessful login attempts, several systems lock an account for a few minutes, or detect where an attack comes from and prevent further attempts from that source, or at a minimum raise a real-time warning that an attack is under way so that manual action can be taken.
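The three measures above (temporary account lockout, blocking the source of an attack, and a real-time warning) can be combined in one login throttle. The following is an added example, not part of the UGA policy or any UGA system; the thresholds, the class and function names, and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed values: the policy only says "many" attempts and "a few minutes".
MAX_ACCOUNT_FAILURES = 5
MAX_SOURCE_FAILURES = 8
WINDOW_SECONDS = 300
LOCKOUT_SECONDS = 300

class LoginThrottle:
    def __init__(self):
        self.acct_fail = defaultdict(deque)   # account -> failure timestamps
        self.src_fail = defaultdict(deque)    # source address -> failure timestamps
        self.locked = {}                      # account -> locked-until time
        self.blocked = {}                     # source -> blocked-until time
        self.alerts = []                      # real-time warnings for operators

    def allowed(self, account, source, now):
        return (self.locked.get(account, 0) <= now
                and self.blocked.get(source, 0) <= now)

    def _count(self, failures, until, key, limit, kind, now):
        q = failures[key]
        q.append(now)
        while q and now - q[0] > WINDOW_SECONDS:   # drop failures outside the window
            q.popleft()
        if len(q) >= limit:
            until[key] = now + LOCKOUT_SECONDS
            q.clear()
            self.alerts.append((now, kind, key))

    def record(self, account, source, success, now):
        if not self.allowed(account, source, now):
            return "rejected"                 # refused before credentials are checked
        if success:
            self.acct_fail.pop(account, None)
            return "ok"
        self._count(self.acct_fail, self.locked, account, MAX_ACCOUNT_FAILURES, "account", now)
        self._count(self.src_fail, self.blocked, source, MAX_SOURCE_FAILURES, "source", now)
        return "failed"

# Constructed sample events: (time in seconds, account, source address, password correct?)
SAMPLE_EVENTS = (
    [(t, "alice", "203.0.113.7", False) for t in range(6)]
    + [(t, "bob", "203.0.113.7", False) for t in (6, 7, 8)]
    + [(9, "carol", "203.0.113.7", False),
       (10, "alice", "198.51.100.2", True),
       (310, "alice", "198.51.100.2", True)]
)

def replay(events):
    throttle = LoginThrottle()
    outcomes = [throttle.record(a, s, ok, t) for t, a, s, ok in events]
    return outcomes, throttle.alerts
```

In the sample, the correct login for alice at t=10 is rejected as well, because lockout applies to the account regardless of who is attempting the login; the per-source block and the alert limit how long one source can keep an account locked.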
Logging
Reasonable procedures shall be in effect to record successful and unsuccessful login attempts.
Password update after disclosure or compromise
System administrators must reset user account passwords in a timely manner, or force users to discontinue use of the password and reset their own passwords, where there is a concern about improper use of computing accounts or services. Such cases include: leakage of a password to an unauthorized person; detection of a password by an unauthorized person; system compromise (unauthorized access to a system or database); and unsecured password transmission. A further case is the removal of a user on the network by another individual having access to the same account.