
8. Use Strong Passwords and Change Them Regularly

Passwords are the first line of defense in preventing unauthorized access to any computer. Regardless of type or operating system, a password should be required to log in. Although a strong password will not prevent attackers from trying to gain access, it can slow them down and discourage them. In addition, strong passwords, combined with effective access controls, help to prevent casual misuse (e.g., staff members pursuing their personal curiosity about a case even though they have no legitimate need for the information).

Strong passwords are ones that are not easily guessed. Since attackers may use automated methods to try to guess a password, it is important to choose a password that does not have characteristics that could make it vulnerable.

Strong passwords should not include:

• Words found in the dictionary, even if they are slightly altered (e.g., replacing a letter with a number)

• Personal information such as birth date; names of self, family members, or pets; social security number; or anything else that could easily be learned by others. Remember: if a piece of information is on a social networking site, it should never be used in a password.

Below are some examples of strong password characteristics:

• At least eight characters in length (the longer the better)

• A combination of upper case and lower case letters, one number, and at least one special character, such as a punctuation mark

     


Finally, systems should be configured so that passwords must be changed on a regular basis. While this may be inconvenient for users, it also reduces some of the risk that a system will be easily broken into with a stolen password.
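As an added example (not code from the HealthIT.gov guide or from this site), here is a small Python checker that enforces the characteristics listed above: minimum length, mixed character classes, rejection of dictionary words even after common letter-for-digit substitutions, and rejection of personal details. The wordlist and the personal-information tuple are constructed stand-ins for a real dictionary and the user's profile data.

```python
import re
import string

# Constructed sample wordlist; a real deployment would load a full dictionary
# (and a breached-password list) instead of this handful of words.
DICTIONARY = {"password", "welcome", "summer", "dragon", "monkey", "letmein"}

# Letter-for-symbol substitutions that do not make a word harder to guess;
# undoing them before the dictionary check catches "P@ssw0rd" as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text: str) -> str:
    """Lower-case, undo leetspeak substitutions, and keep only alphanumerics."""
    translated = text.lower().translate(LEET)
    return "".join(ch for ch in translated if ch.isalnum())


def check_password(pw: str, personal: tuple[str, ...] = ()) -> list[str]:
    """Return the policy rules the password violates (an empty list means it passes).

    Rules mirror the guidance above: at least 8 characters, upper and lower
    case, a digit, a special character, no (altered) dictionary words, and
    no personal details such as names or birth years.
    """
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[a-z]", pw):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", pw):
        problems.append("no upper-case letter")
    if not re.search(r"\d", pw):
        problems.append("no digit")
    if not any(ch in string.punctuation for ch in pw):
        problems.append("no special character")
    core = normalize(pw)
    # Every word in the sample list is 4+ letters, so a substring match is safe here.
    if any(word in core for word in DICTIONARY):
        problems.append("based on a dictionary word")
    # Personal tokens are normalized the same way so "Rex" also matches "R3x".
    for item in personal:
        token = normalize(item)
        if len(token) >= 3 and token in core:
            problems.append(f"contains personal information ({item})")
    return problems
```

Current guidance such as NIST SP 800-63B weighs length and screening against breached-password lists more heavily than composition rules, so treat the character-class checks as the guide's baseline rather than a ceiling.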

     

Passwords and Strong Authentication

Strong, or multi-factor, authentication combines multiple different authentication methods, resulting in stronger security. In addition to a user name and password, another authentication method is used (e.g., a smartcard, key fob, or fingerprint or iris scan).

Under federal regulations permitting e-prescribing of controlled substances, multi-factor authentication must be used.

What about forgotten passwords?

Anyone can forget a password, especially if the password is long. To discourage people from writing down their passwords and leaving them in unsecured locations, plan for password resetting. This could involve 1) allowing two different staff members to be authorized to reset passwords; or 2) selecting a product that has built-in password reset capabilities.

     

Download Password Checklist [10]

[10] http://healthit.gov/sites/default/files/Password Checklist.pdf

Password Checklist

• Policies are in place prescribing password practices for the organization.

• All staff members understand and agree to abide by password policies.

• Each staff member has a unique username and password.

• Passwords are not revealed to or shared with others.

• Passwords are not written down or displayed on screen.

• Passwords are hard to guess, but easy to remember.

• Passwords are changed routinely.

• Passwords are not re-used.

• Any default passwords that come with a product are changed during product installation.

• Any devices or programs that allow optional password protection have password protection turned on and in use.

     

     

© 2020 TROJAN HORSE SECURITY INC