Users must know that they are responsible for their credentials.

Just a short blog today. Having a strong password policy is great but useless if your staff arnt aware of their role in protecting their credentials!

Security category – 9.3. User responsibilities

9.3.1. Use of secret authentication information

As discussed with Control – 9.2.4 all staff should be made aware that they are responsible for their account, credentials and the use, or misuse, of the same. Staff should not share their passwords, have them stored in an insecure form (post-its!), reuse the same password where SSO isn’t in use and should adhere to the organizations password guidelines (min length, use of passphrases etc).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s