Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Password Policy numbers of complex passwords. The advice below advocates a greater reliance on
technical defences and organisational processes, with passwords forming just one part of
Advice for system owners your wider access control and identity management approach.
#
Insecurely stored passwords
can be stolen, such as ones Help users cope
written on sticky notes and
kept near (or on) devices.
with password
Key messages overload
Phishing & Password for staff 1. Allow users to securely store their
passwords, including the use of password
coercion spraying training managers.
Using social engineering Trying a small number of 1. Emphasise the risks of re-using 2. Don't automatically expire passwords. Only
techniques to trick people commonly-used passwords passwords across work and home accounts.
into revealing passwords. ask users to change their passwords on
to access a large number 2. Help users to choose passwords that indication or suspicion of compromise.
Data breaches of accounts.
are difficult to guess. 3. Use delegation tools instead of password
Using the passwords sharing. If there's a pressing business
leaked from data 3. Help users to prioritise their high
value accounts. requirement for password sharing, use
breaches to attack additional controls to provide the required
other systems. 4. Consider making your training applicable oversight.
to users' personal lives.
© Crown Copyright 2018 www.ncsc.gov.uk @ncsc National Cyber Security Centre