Users must know that they are responsible for their credentials.

Just a short blog today. Having a strong password policy is great but useless if your staff arnt aware of their role in protecting their credentials!

Security category – 9.3. User responsibilities

9.3.1. Use of secret authentication information

As discussed with Control – 9.2.4 all staff should be made aware that they are responsible for their account, credentials and the use, or misuse, of the same. Staff should not share their passwords, have them stored in an insecure form (post-its!), reuse the same password where SSO isn’t in use and should adhere to the organizations password guidelines (min length, use of passphrases etc).

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s