Password management is always a challenge. Not only do users love to never change their password, they also like to keep it as simple as possible.
Today we’re not going to dip our toe into the very deep water of how to write good password policy. We’re really here to show you how Shield can align with the policy you may already have written.
Before we start, a word of caution about passwords and Business Continuity Plans (BCP). We all would like to think that recovery team members are diligently logging into their plans on a very regular basis. We like to imagine they regularly keep things up-to-date and familiar. But let’s face it, people get busy. When deadlines hit and workloads pile up, routinely checking on that Business Continuity Plan becomes a lower and lower priority. Before you know it, users have forgotten their password to even access the plan.
Now this is not true for every organization. We share this with you only to make you consider your organization’s culture and ensure that it aligns with how strict your password policy is. The last thing you want is your team members locked out of their plans when disaster strikes because of a very strict policy.
At KingsBridge we recognize that every organization is different, so in the tradition of Keeping It Simple and Secure, we leave the password policy options up to you. Here are the options available to our Gold and Platinum Shield subscribers.
Custom Character Limitations.
The strength of a password is a function of a number of characteristics. These include length, use of special characters, and overall complexity or unpredictability. You can choose a general password strength that your Shield users need to adopt by selecting Average, Strong or Very Strong.
Alternatively you have the option of selecting your own character limitations. Options available include ‘at least one number’, ‘at least one uppercase letter’, ‘at least one symbol or special character’, ‘no consecutive identical characters’, and setting a minimum length.
Password Expiry Rules.
Perhaps you’re less concerned about the structure of the password your users choose and more concerned that they change their passwords frequently. Shield allows you to set a frequency with which passwords will expire. You can choose either the number of days since the user last changed their password or the number of days since the user last logged in.
Account Lock-Out Rules.
Sometimes it’s not your users you’re worried about but rather less savory individuals who try to hack you by just trying one password after another. To mitigate this risk Shield allows you to set Account Lock-Out Rules. You can establish not only how many failed login attempts a user is allowed, but also the lock-out duration when the user hits that attempt limit.
Password Reuse Rules.
Even with rules enforcing regular password changes, sometimes users just alternate between the same two passwords every time. To limit this behavior, Shield allows you to block reuse so that passwords cannot be reused within the number of days you establish. Alternatively you can establish how many passwords a user has to use before they can begin reusing them.
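The two reuse rules described above can be sketched as follows. This is an added example, not Shield's own code: the function names, the PBKDF2 storage scheme, the sample history, and the reading of "within the number of days" as days since the old password was set are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_entry(password: str, changed_at: datetime) -> dict:
    """History entry: per-entry salt and digest, never the plaintext."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": _derive(password, salt), "changed_at": changed_at}


def is_reuse(candidate, history, now, block_days=None, last_n=None):
    """history is newest-first. An old password is blocked if it was set
    fewer than block_days ago, or if it is among the last_n passwords."""
    for position, entry in enumerate(history):
        recent = (block_days is not None
                  and now - entry["changed_at"] < timedelta(days=block_days))
        counted = last_n is not None and position < last_n
        if not (recent or counted):
            continue
        # Salts differ per entry, so the candidate is re-derived for each one.
        if hmac.compare_digest(_derive(candidate, entry["salt"]), entry["digest"]):
            return True
    return False


# Constructed sample history, newest first.
NOW = datetime(2024, 6, 1)
HISTORY = [
    make_entry("Autumn!Plan7", NOW - timedelta(days=30)),
    make_entry("Spring!Plan6", NOW - timedelta(days=120)),
    make_entry("Autumn!Plan5", NOW - timedelta(days=400)),
]
```

Because each history entry has its own salt, stored digests cannot be compared to one another directly; the candidate has to be hashed once per entry that falls inside the blocked window.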
If you’re looking for really tight security, Shield offers two-factor authentication as an option for password management. When logging into Shield, users will receive a password via email. If you use Shield Communications, our integrated notification system, two-factor authentication via SMS is also available.
As a closing note, make sure your Shield software aligns with your company’s policies. That way when the auditors arrive or your Information Security staff come growling, you’re prepared.
KingsBridgeBCP offers businesses of all sizes BCP Software Solutions and industry know-how based on best practices. From a FREE Edition to a Platinum Edition there is a Shield for everyone. Our software packages meet the wide range of our customers’ needs, ensuring we deliver the best value in every project.