O'Reilly logo

Writing Information Security Policies by Scott Barman

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Passwords

After usernames, passwords become the front-line defense against intruders. You can be as careful about assigning and maintaining usernames, but one weak password can allow anyone to open the door to the network. Password policies fall into two categories: what constitutes a valid password and the storage of those passwords.

Policies Defining Valid Passwords

Good policies for passwords specify that the passwords are difficult to guess. Although the concept of difficult to guess seems abstract, the generally accepted formula is that the password should be a mixture of letters, numbers, or special characters and not a word one would find in the dictionary. Another way to prevent guessable passwords is to maintain “social engineering ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required