






The Need for Passwords

The password is clearly a critical aspect of the Windows security model and infrastructure.
Without a password, a computer hacker would only need to know the username to access the
Windows environment. As a result, corporations are effectively forced to put restrictions on
passwords to make them hard to hack because passwords are the key to securing the Windows
environment and related network resources.

Most organizations put a variety of password requirements in place for all user accounts. These
requirements typically include the following parameters:

• Password history – This forces users to use unique, successive passwords. A typical
corporation will require 24 unique passwords before a password can be recycled.



• Maximum password age – This forces users to change their passwords after the
maximum age is reached. A typical age for a password is between 60 and 90 days.


• Minimum password length – This forces users to have at least “X” characters in their
passwords. A typical minimum number of characters for a password is seven.


• Password complexity – This forces users to include different character types in their
passwords. Four different types of characters can be in a password: uppercase letters
(A), lowercase letters (a), numbers (1) and special characters (!). Password complexity
typically requires users to include at least three of the four character types.
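
As an added illustration (not part of the article, and not how Windows itself enforces or stores anything), the four settings above can be written as checks on a proposed password. The constants use the typical values from the list, with 90 days picked from the 60 to 90 range; the function names and the PBKDF2-based history store are assumptions made for this example.

```python
import hashlib
import hmac
import os
import string
from datetime import timedelta

# Typical values cited in the list above; a real domain sets its own.
HISTORY_COUNT = 24    # unique passwords required before one can be recycled
MAX_AGE_DAYS = 90     # upper end of the 60 to 90 day range
MIN_LENGTH = 7
MIN_CHAR_TYPES = 3    # of: uppercase, lowercase, numbers, special characters

def _digest(password, salt):
    # Assumed storage format for this example: salted PBKDF2, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(history, password):
    """Append a salted hash and keep only the newest HISTORY_COUNT entries."""
    salt = os.urandom(16)
    return (history + [(salt, _digest(password, salt))])[-HISTORY_COUNT:]

def char_types(password):
    """Count how many of the four character types appear in the password."""
    tests = (str.isupper, str.islower, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in password) for t in tests)

def check_new_password(password, history):
    """Return the names of the policy rules a proposed password violates."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    if char_types(password) < MIN_CHAR_TYPES:
        problems.append("complexity")
    # Constant-time comparison against every remembered hash.
    if any(hmac.compare_digest(_digest(password, s), h) for s, h in history):
        problems.append("history")
    return problems

def is_expired(last_changed, today):
    """Maximum password age: a change is due once the age exceeds the limit."""
    return today - last_changed > timedelta(days=MAX_AGE_DAYS)

if __name__ == "__main__":
    # Constructed sample values, not taken from the article.
    seen = remember([], "Winter#2014")
    for candidate in ("abc", "Winter#2014", "Spring#2015"):
        print(candidate, check_new_password(candidate, seen) or "accepted")
```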



When looking at the typical password requirements for a corporation, it is no wonder employees
complain about the password restrictions. Employees often complain they have to change
passwords too frequently, forcing them to come up with a method to remember all of them. As a
result, employees will devise resourceful approaches to remember their passwords, including:

• Using the same password for the various computing systems and environments. This
might include Windows, UNIX, SQL, email, social media and online banking.


• Writing their passwords down in a secure — or sometimes far less secure — location.


• Sharing their passwords with a colleague for access to resources while on vacation, at a
conference or training seminar, or at lunch.



Since passwords provide a security barrier, those approaches pose a threat to the underlying
control that the password provides to the Windows environment. Many of the attacks and hacks
on Windows networks today rely on the fact that users will incorrectly manage and construct
their passwords, making the attacks easy and highly likely.
Cyber Warnings E-Magazine – January 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
