HP 9000 Computer Systems: Administering Your HP-UX Trusted System > Chapter 4 Practices that Compromise the Trustworthiness of the System

Lack of Password Security

A user must log onto the system by specifying a user name and a password. If system administrators and users are not careful about creating accounts with secure passwords, or if they do not keep passwords private, unauthorized users can easily gain access to the system and explore security holes. Maintaining password security is one essential method of keeping your system and data safe.

As the system administrator, it is your responsibility to educate your system users about keeping their accounts and passwords secure. You are the main source of information on system security to users and their managers. By not providing information and not keeping an eye on system use, you risk unauthorized user access. This is one of the most difficult types of system intrusion to detect because proper authentication procedures are followed.

In addition, making a secure environment seem confining to users is asking for trouble. Security guidelines that sound like dictums that must be followed may seem restrictive and unappealing. Users might want to strike out against the rules and could senselessly damage the system. Therefore, it is to your advantage to be diplomatic when employing the rules. Involve users in developing security policy, and make them aware of the advantages for them and the possible bad consequences they could face.

Password aging lets you set a limit on how long a specific password can be used before it has to be changed. Even if a password is compromised, that password will be changed. Without password aging and expiration policies, user passwords and accounts may not remain current, and you increase system risk.

Creating accounts with no passwords, or using simplistic passwords such as "123" for general access, can leave a way for someone to gain system access. Allowing user names of less than three characters can cause confusion due to potential duplication.

Not implementing restrictions on the passwords chosen can make it easier for users to assign passwords that can be easily guessed. For example, if users are allowed to assign alphabetic passwords, they might use a word that is in the dictionary or the name of a family member.

Another bad practice occurs when users find the need to write their passwords down or send information about passwords in email. In addition, allowing users to share accounts compromises system accountability.
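
The account-level practices listed above (no password, user names under three characters, no aging limit) can be checked mechanically. The following is an added example, not part of the HP manual: the colon-separated record layout, the sample accounts, the 180-day threshold and the duplicate-UID check (a related accountability check) are all assumptions made for illustration and do not describe the HP-UX trusted system password database.

```python
# Added example: audit account records for the weak practices described above.
# The record layout is an assumption, not the HP-UX protected password database.
from collections import Counter

# Constructed sample: name:password_field:last_change_day:min_days:max_days:uid
SAMPLE = """\
root:$6$constructedhash:19000:0:90:0
jd:$6$constructedhash:19000:0:90:101
guest::19000:0:90:102
alice:$6$constructedhash:19000:0::103
bob:$6$constructedhash:19000:0:99999:104
shared:$6$constructedhash:19000:0:90:104
carol:$6$constructedhash:19000:7:60:105
"""

MIN_NAME_LEN = 3     # the page warns about user names under three characters
MAX_AGE_LIMIT = 180  # assumed site policy: a longer maximum counts as no aging


def audit(text):
    """Return {user: [findings]} for every record that breaks a rule."""
    rows = [line.split(":") for line in text.splitlines() if line.strip()]
    uid_counts = Counter(row[5] for row in rows)
    report = {}
    for name, pw, _last, _min, max_days, uid in rows:
        findings = []
        if pw == "":
            findings.append("no password")
        if len(name) < MIN_NAME_LEN:
            findings.append("short user name")
        # An empty or very large maximum age means the password never expires.
        if not max_days.isdigit() or int(max_days) > MAX_AGE_LIMIT:
            findings.append("no password aging")
        # Two names on one UID cannot be told apart in audit records.
        if uid_counts[uid] > 1:
            findings.append("duplicate uid")
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(f"{user}: {', '.join(findings)}")
```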