Users must know that they are responsible for their credentials.

Just a short blog today. Having a strong password policy is great, but it is useless if your staff aren't aware of their role in protecting their credentials!

Security category – 9.3. User responsibilities

9.3.1. Use of secret authentication information

As discussed under Control 9.2.4, all staff should be made aware that they are responsible for their account, their credentials, and the use or misuse of them. Staff should not share their passwords, should not store them in an insecure form (post-its!), should not reuse the same password across systems where SSO isn't in use, and should adhere to the organization's password guidelines (minimum length, use of passphrases, etc.).

