|
| 1 | +# Password Guideline |
| 2 | + |
| 3 | +Our ‘Thoth Tech’ organisational security policy is the document that defines the scope of a utility’s cybersecurity efforts. It serves as a repository for decisions and information generated by other building blocks and a guide for future cybersecurity decisions. The policy includes proposed solutions, scopes, goals, responsibilities, security program structure, compliance, and the approach to risk management. |
| 4 | + |
| 5 | +## Background Information |
| 6 | + |
| 7 | +Hackers are born as bright as developers and programmers nowadays. Cybersecurity problems are faced by individuals or groups connected to the internet in a day-to-day working environment. |
| 8 | +According to a study by the University of Maryland, “hackers attack computers connected to the Internet every 39 seconds. Thus, online computers attacked on average 2,244 times a day. The Worldwide Information Security Market is forecast to reach 170.4 billion in 2022 (Gartner). It is now not a question of “If” an attack will happen but when.” – (Cukier, Michel. May 2020). |
| 9 | +In this ever-evolving threat landscape, it is imperative for every organisation to have documented Security Policies to mitigate the risks. |
| 10 | +As mentioned by Chaudary, “Cybersecurity plays a crucial role within the field of the digital world. Securing information and data has become one of the most critical challenges in the present day. Whenever we expect cybersecurity, the primary thing that involves our mind is cybercrimes increasing immensely daily. Various Governments and Organizations are taking many measures to stop these cybercrimes”. (Chaudary, Varsha, Feb. 2022) |
| 11 | +Besides various measures, cybersecurity remains a massive concern to several. The top three cybersecurity trends in 2021 are: |
| 12 | + |
| 13 | +- Ransomware |
| 14 | +- Cyber-attack Surface (IoT supply chain and Remote work systems) |
| 15 | +- Threats to IT infrastructure |
| 16 | + |
| 17 | +## Password Policy |
| 18 | + |
| 19 | +Furthermore, I quote the work of Chaudhary about networks or any internet-related password policy. “A crucial component of computer security is passwords. They are the user accounts' first line of defence. The concept of usernames and passwords has been a fundamental way of protecting our information. The purpose of this policy is to determine the creation of strong passwords, the protection of these passwords, and, therefore, the frequency of password change must be followed.” (Chaudary, Varsha, Feb. 2022) |
| 20 | + |
| 21 | +### Purpose: |
| 22 | + |
| 23 | +This policy aims to provide a standard for developing secure passwords, their protection, and how frequently they should be changed. |
| 24 | + |
| 25 | +It is necessary to make sure each person is whom they claim to be (authentication), usually by checking the user ID and password they enter and allowing them to access only the data they’re allowed to use (authorisation). |
| 26 | + |
| 27 | +Thoth Tech requires passwords to include a variety of symbols. It should have at least one number, both uppercase and lowercase letters, and one or more special characters. |
| 28 | + |
| 29 | +1. It should not contain your personal information — specifically, your real name, username, student ID, etc. |
| 30 | +2. Reset local admin passwords every 180 days. This can be done with the free Netwrix Bulk Password Reset tool. |
| 31 | +3. Passwords cannot be used from the previous five passwords. |
| 32 | +4. All online and desktop accounts must change at least every six months. |
| 33 | +5. The password should be changed in the case of a potential threat or suspected unauthorised access. |
| 34 | + |
| 35 | +The following passwords are discouraged: |
| 36 | + |
| 37 | +- Easy-to-guess passwords, especially the phrase "password." |
| 38 | +- A string of numbers or letters like “1234” or “abcd.” |
| 39 | +- A series of characters appear sequentially on the keyboard, like “@#$%^&.” |
| 40 | +- A user’s given name, the name of a spouse or partner, or other names |
| 41 | +- The user’s phone number or license plate number, anybody’s birth date, or additional information easily obtained about a user (e.g., address or alma mater) |
| 42 | +- The same character typed multiple times, like “zzzzzz.” |
| 43 | +- Words that can be found in a dictionary |
| 44 | +- Default or suggested passwords, even if they seem strong |
| 45 | +- Usernames or host names used as passwords |
| 46 | +- Passwords that form a pattern by incrementing a number or character at the beginning or end |
| 47 | + |
| 48 | +## Account Management Policy: |
| 49 | + |
| 50 | +This policy aims to establish a precise procedure for setting up, managing, and deleting accounts that permit access to Thoth Tech's information. In Thoth Tech, we use Miro, Trello, Microsoft Teams, Docker hub, lucid chart etc. The top system administrator, like the leaders, has control and management roles in creating, editing, and maintaining group access. Credentials dedicated to users' access are identified, and data security bridging is controlled. |
| 51 | + |
| 52 | +## References: |
| 53 | + |
| 54 | +1. Cukier, Michel. “Hackers Attack Every 39 Seconds.” Security Magazine RSS, Security Magazine, 24 May 2020, https://www.securitymagazine.com/articles/ 87787-hackers-attack-every-39-seconds. |
| 55 | +2. Chaudhary, Varsha, “Cyber Security Policy” 22 Feb. 2022, Cyber Security Policy - GeeksforGeeks |
| 56 | +3. https://www.quest.com/solutions/active-directory/what-is-active-directory.aspx |
0 commit comments