Difference between revisions of "Password"

From Clinfowiki
Line 3: Line 3:
 
Research firm RSA surveyed 1,700 enterprise end users in the US and found that more than a 1/4 of respondents manage more than 13 passwords at work [1]. This leads to much frustration on the part of both end users as well as IT managers who must help their users resolve password related problems which 40% of respondents said took at least 6 minutes each to resolve. This frustration causes over 50% of users to write down passwords on paper or save them locally on a spreadsheet or in document (often in plain text, i.e., no encryption) on their PC or handheld device.
 
Research firm RSA surveyed 1,700 enterprise end users in the US and found that more than a 1/4 of respondents manage more than 13 passwords at work [1]. This leads to much frustration on the part of both end users as well as IT managers who must help their users resolve password related problems which 40% of respondents said took at least 6 minutes each to resolve. This frustration causes over 50% of users to write down passwords on paper or save them locally on a spreadsheet or in document (often in plain text, i.e., no encryption) on their PC or handheld device.
  
 +
Here are some guidelines for determining password strength:
 +
Password formatting guidelines require that every password must:
 +
• Be at least eight alphanumeric characters in length
 +
• Contain at least one upper case letter
 +
• Contain at least one lower case letter
 +
• Contain at least one number
 +
• Contain at least one special character
 +
• Not contain consecutive characters (abc or cba)
 +
• Not contain repeating characters (aa, bb, etc.)
 +
• Not contain the same character more than twice
 +
• Not be repeated within the last 10 used
 +
• Not be changed more than once in a 24-hour period
 +
 
== References ==
 
== References ==
 
[http://software.silicon.com/security/0,39024655,39152802,00.htm Biometrics curing password headaches], 28 September 2005.
 
[http://software.silicon.com/security/0,39024655,39152802,00.htm Biometrics curing password headaches], 28 September 2005.
  
 
[[Category:CPOE]]
 
[[Category:CPOE]]
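
Review bot: In the added list, "Be at least eight alphanumeric characters in length" conflicts with "Contain at least one special character", since a password that satisfies the second is no longer purely alphanumeric; suggest "Be at least eight characters in length". "Not contain repeating characters (aa, bb, etc.)" and "Not contain the same character more than twice" also overlap and would be clearer if the first said "adjacent repeated characters". The two lead-in sentences ("Here are some guidelines ..." and "Password formatting guidelines require ...") say the same thing twice, and the new rules carry no citation even though the References section is left unchanged.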

Revision as of 02:21, 4 September 2008

We have had discussions at our organization about eliminating requirements to change passwords every x days, and to having different PW's for each application, in exchange for requiring one complex PW. Likely more secure? Any literature on breaches with this system vs the usual? Likely cost savings in PW resets by IS department?

Research firm RSA surveyed 1,700 enterprise end users in the US and found that more than 1/4 of respondents manage more than 13 passwords at work [1]. This frustrates both end users and the IT managers who must help them resolve password-related problems, which 40% of respondents said took at least 6 minutes each to resolve. This frustration causes over 50% of users to write down passwords on paper or save them locally in a spreadsheet or document (often in plain text, i.e., with no encryption) on their PC or handheld device.

Here are some guidelines for determining password strength. Password formatting guidelines require that every password must:

• Be at least eight alphanumeric characters in length
• Contain at least one upper case letter
• Contain at least one lower case letter
• Contain at least one number
• Contain at least one special character
• Not contain consecutive characters (abc or cba)
• Not contain repeating characters (aa, bb, etc.)
• Not contain the same character more than twice
• Not be repeated within the last 10 used
• Not be changed more than once in a 24-hour period
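
The rules listed above can be enforced in one place at password-change time. The following is an added example, not part of the wiki page: the function names are hypothetical, "consecutive characters" is assumed to mean a run of three ascending or descending characters, "special" is assumed to mean any non-alphanumeric character, and the history of the last 10 passwords is assumed to be stored as salted PBKDF2 digests rather than plain text.

```python
import hashlib, hmac, os, time

HISTORY_DEPTH = 10                 # "not repeated within the last 10 used"
MIN_CHANGE_INTERVAL = 24 * 3600    # "not changed more than once in a 24-hour period"

def _digest(password, salt):
    # Assumed storage format: old passwords are kept only as salted PBKDF2 digests.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def history_entry(password):
    """Build the (salt, digest) pair to append to a user's password history."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def _has_run(password, length=3):
    # True if `length` characters step up or down by one code point (abc, cba, 123).
    codes = [ord(c) for c in password]
    for i in range(len(codes) - length + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + length - 1)}
        if steps in ({1}, {-1}):
            return True
    return False

def check_password(password, history=(), last_change=None, now=None):
    """Return the list of violated rules; an empty list means accepted."""
    now = time.time() if now is None else now
    failures = []
    if len(password) < 8:
        failures.append("length")
    if not any(c.isupper() for c in password):
        failures.append("upper")
    if not any(c.islower() for c in password):
        failures.append("lower")
    if not any(c.isdigit() for c in password):
        failures.append("digit")
    if all(c.isalnum() for c in password):
        failures.append("special")
    if _has_run(password):
        failures.append("consecutive")
    if any(a == b for a, b in zip(password, password[1:])):
        failures.append("repeating")
    if any(password.count(c) > 2 for c in set(password)):
        failures.append("char>2")
    recent = list(history)[-HISTORY_DEPTH:]
    if any(hmac.compare_digest(_digest(password, s), d) for s, d in recent):
        failures.append("history")
    if last_change is not None and now - last_change < MIN_CHANGE_INTERVAL:
        failures.append("too-soon")
    return failures
```

Returning every violated rule at once, rather than stopping at the first, lets a change form tell the user everything to fix in a single attempt.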

References

Biometrics curing password headaches, 28 September 2005.