Authentication Practices

• Audit the accounts on your systems and create a master list
• Develop procedures for adding authorized accounts to the list, and for removing accounts when they are no longer in use.
• Validate the list on a regular basis to make sure no new accounts have been added and that unused accounts have been removed.
• Run a password cracking tool against the accounts looking for weak or no passwords. (Make sure you have official written permission before employing a password cracking tool.)
• Train users
• Install password checking tools
• Use alternative authentication methods

• PreviousSoftware Installation Practices
• Contents
• NextBackup Practices

 Last change: Tuesday, June 1, 2004 5:24 pm
 Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.