
NSBM Green University

Faculty of Computing
Foundation Program – Stage 02

NSBM_CFP_1211 Network Fundamentals


Isuru Sri Bandara

Final Assignment

KADR Dulmin – 21427 (Conclusion, Reference, Finding Resources)
KRDR Kannangara – 21790 (First 4 Practices)
HWH Sandipa – 20906 (Next 4 Practices)
UGTD Jayawardena – 21074 (Final 4 Practices)
SDRV Senadhipathirage – 21456 (Introduction)
Abstract
Password policy refers to the entire life cycle of passwords. Password policy practices
are used to prevent security threats. These password policies have been introduced by the
National Institute of Standards and Technology (NIST). According to the research we have
done, the following password policy practices are the best available at present: encouraging
employees to use unique passwords, insisting on complex or long passwords, use of
Multi-Factor Authentication (MFA), forbidding password sharing, training the staff on
password policy practices, changing passwords occasionally, etc. Since phishing
remains the most popular hacking technique, by following these password policy practices a
company can prevent data breaches or reduce the chance of data being stolen. In order to assess
the quality of password policies, a company's IT security managers and policymakers must go
beyond password syntax. It is crucial for businesses and their user communities to be aware of
common password dangers and effective practices.

Introduction

Passwords are omnipresent in our personal and business environments. Normally
an average person has around 100 passwords to remember for various accounts, and it is
practically impossible to memorize unique, complex passwords for each of them. This leads to
employees coming up with easy-to-remember passwords and reusing them for multiple
accounts. Stolen, weak, or reused passwords are the top reasons for data breaches worldwide.
Password policy best practices were a hot security topic in 2019, as several major organizations
including NIST issued new guidelines for creating secure passwords. These updates have been
primarily driven by the fact that passwords are still one of the easiest pieces of information to
steal, as evidenced by the fact that phishing remains the most popular hacking technique.
Password policy refers to the entire lifecycle of passwords: the way they are
created, their safe transmission, complexity requirements, secure storage, periodic randomization,
continuous monitoring, prompt deprovisioning, etc. Administrators of organizations are
responsible for setting the password policies for their employees. Setting password policies that
keep passwords protected can be complicated, and some people have trouble finding
the best password policies. So, in this article we describe some of the best up-to-date
password policies currently in use.

Encourage employees to use unique passwords

Employees should use unique passwords for their own work security so that no one can hack
into their accounts and use their personal data. Most hackers break into computers by
guessing passwords, so using simple and common passwords makes it easy for intruders to gain
access and take control of the device. A strong and unique password provides essential
protection from financial fraud and identity theft, and it secures employees' personal data.

Insist on complex or long passwords

Passwords are the first line of defense against unauthorized access to a computer and personal
information, so having complex and long passwords will stop hackers trying to gain
access to employees' accounts or computers. The more complex, long, and strong the
password is, the more security it provides to a computer against hackers and malicious software.

Don’t allow employees to reuse passwords

Reusing a password can fuel cyberattacks and create many security risks: if a hacker can
steal information and gain access to one account, they might try using the same password
to log into other accounts as well. Using the same passwords makes it easy for hackers to
break into computers and gain access to personal data.

Passwords should be changed but not too often

Passwords should be changed, but not too often, because if a password is good and
uncompromised, changing it frequently does no good. However, a
password should be changed at least once every three months, as this prevents constant
access and makes it difficult for someone to log into your accounts.

Train staff on password best practices

You should choose a password that is at least 8 characters long and contains letters, numbers,
and symbols. You can create a password by combining various terms, making it more difficult
for cybercriminals and hackers to guess. Each application and account needs a unique
password. Your password should never be shared with other employees in the company or
with friends. Make your passwords easy to remember but hard to guess.

Use of multi-factor authentication (MFA)

MFA is a method of ensuring that internet users are who they say they are by asking them to
produce at least two pieces of proof to establish their identity. If one of the components has
been hacked or accessed by an unauthorized person, the odds of another being hacked are very
low.
Change of Passwords

Cyber security experts say that "you should update your account passwords once every three
months (90 days)". This prevents constant access, since hackers might try to access your account
more than once in a period, so updating your passwords reduces the risk of your account being
hacked. In the same way you can limit multiple account breaches. It is easy to use the
same password for all of your accounts, whether they are for computers and network equipment
or online accounts, because remembering a single password is much easier. However, it also
means that if someone cracks your password, they will have access to all of your accounts. If
you change your passwords to something distinct and unique for each account, even if
someone guesses one, they will not be able to use it for anything else.
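The two rules above (a 90-day maximum age, and never going back to a password that was already used) are easy to enforce on the server side. The following is an added example written for this page, not the project's or any vendor's code: it keeps a salted PBKDF2 hash of the current password plus a short history of earlier hashes, refuses a change to any of them, and reports when the current password is older than 90 days. The history depth of five is an assumption, as are the constructed sample passwords.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field

MAX_AGE_SECONDS = 90 * 24 * 3600   # 90 days, the interval stated above
HISTORY_DEPTH = 5                  # assumption: remember the last five passwords
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; slow on purpose so offline guessing is expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes                 # one salt per account, reused so history hashes stay comparable
    current_hash: bytes
    changed_at: float           # Unix time of the last change
    history: list = field(default_factory=list)   # hashes of previous passwords, newest first


def create_account(password: str, now=None) -> Account:
    now = time.time() if now is None else now
    salt = os.urandom(16)
    return Account(salt, hash_password(password, salt), now)


def password_expired(acct: Account, now=None) -> bool:
    """True when the current password is older than MAX_AGE_SECONDS."""
    now = time.time() if now is None else now
    return now - acct.changed_at > MAX_AGE_SECONDS


def change_password(acct: Account, new_password: str, now=None) -> bool:
    """Reject a new password equal to the current one or to any in the history;
    otherwise rotate it and push the old hash onto the history."""
    now = time.time() if now is None else now
    candidate = hash_password(new_password, acct.salt)
    for old in [acct.current_hash] + acct.history:
        if hmac.compare_digest(candidate, old):
            return False
    acct.history = ([acct.current_hash] + acct.history)[:HISTORY_DEPTH]
    acct.current_hash = candidate
    acct.changed_at = now
    return True


if __name__ == "__main__":
    # Constructed sample: account created at t=0, checked 91 days later.
    acct = create_account("Correct-Horse-1", now=0)
    print("expired after 91 days:", password_expired(acct, now=91 * 86400))
    print("reuse of current password accepted:", change_password(acct, "Correct-Horse-1", now=100))
    print("fresh password accepted:", change_password(acct, "Battery-Staple-2", now=100))
    print("old password accepted again:", change_password(acct, "Correct-Horse-1", now=200))
```

Note that the check against history only works because every hash for the account uses the same salt; if the salt were rotated on each change, the server would have to re-hash the candidate once per historical entry instead.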

Encourage the use of password managers

A password manager is a computer program that lets users save, generate, and manage
passwords for local and internet applications. To begin with, password managers safeguard
your passwords by encrypting them. Because of its remarkable strength, AES 256-bit is the
industry standard, which is also utilized by the military.

Don’t use password hints

Many users use password hints to remember their passwords easily; this is even common in the
corporate sector. For password hints many people use questions related to their personal life.
Anyone who knows the answer to that question can access the system by entering the correct
password. To avoid that, don’t use password hints.

Screen passwords against blacklists


Consider getting rid of passwords altogether


Forbid password sharing


Conclusion

In order to assess the quality of password policies, a company's IT security managers and
policymakers must go beyond password syntax. It is crucial for businesses and their user
communities to be aware of common password dangers and effective practices. Password
practices should be evaluated for the security they actually provide, for their ability to manage
risk, and for whether they meet due diligence criteria for logical access control.

References

Jithukrishnan (n.d.). Top 10 password policy recommendations for system administrators in 2021. [online] Securden. Available at: https://www.securden.com/blog/top-10-password-policies.html [Accessed 9 Nov. 2021].

Securicy (2020). The (New) Best Practices for Your Password Policy. [online] Available at: https://www.securicy.com/blog/password-policy-best-practices/ [Accessed 9 Nov. 2021].

aisel.aisnet.org (n.d.). Please Log In. [online] Available at: https://aisel.aisnet.org/cgi/viewcontent.cgi?article=1190&context=amcis2012.

MetaCompliance (n.d.). Password Policy Best Practices 2021. [online] www.metacompliance.com. Available at: https://www.metacompliance.com/blog/password-policy-best-practices-2021/.

Duncan, C. (n.d.). 10 Password Policy Best Practices To Ensure Cybersecurity In 2021. [online] www.alert-software.com. Available at: https://www.alert-software.com/blog/password-policy-best-practices.
