Necessity of password management and management method

In recent years when there have been many cases of information leakage, even companies are becoming more interested in information security.

In addition to introducing passwords to access the company’s PCs and main systems, I think that many companies have taken measures to prevent information leakage by applying passwords to individual files.

However, having a password does not mean it is safe. How the password is managed is also important. This time, we will introduce the necessity of password management and how to manage it.

Without proper management, passwords have an effect of zero
Even if you set a password, security measures are not sufficient if the password management is insufficient. There are many cases that prioritize the inconvenience of forgetting a password.

For example, it is not uncommon for a password to be easily guessed, or for the password itself to be publicly available on the company network. If such cases are left unchecked for reasons such as “because it is in-house” and “because the people around us can trust”, the risk of information leakage will increase steadily.

Password settings that should not be done

At many companies, it is easy to set a password because the anxiety of “forgetting your password is troublesome” is given priority.

The most common case is when the employee’s name or employee number is incorporated in the password, and then the password is a simple English word, or a number that is easy to identify, such as a birthday or phone number.

In some cases, the management number of the personal computer is used as a password, but since the management number is affixed to the personal computer case or is the ID on the login screen, it becomes easy to specify the password. .

Other than these, you should avoid any password that can be easily identified by a third party. And it is ideal to set the password with 8 or more letters by combining letters and numbers. Also, avoid using the same password in multiple environments at the same time.

A perfect password setting may be meaningless.

Even if you set a perfect password that is not specified by a third party, it may be meaningless depending on how you use it.

For example, emailing a password to someone you know is very risky. This is because there is a possibility that the mail will be known to another third party due to mistaken sending of the mail or virus infection.

It is also dangerous to remember the password in a web browser. It may be disclosed to an unspecified number of people or exploited arbitrarily by viruses. You should enter your password every time you use it.

And, as is often the case with companies, you should never write your password on a piece of paper and put it in a place where everyone can see it.

Change password regularly

Even if the password setting is perfect and the management measures are sufficient, avoid using the same password for a long time.

It may be possible to parse the password over time using a hacking tool. It is important to change your password regularly.

The idea that you are okay because you set a password is very dangerous. Please review the password setting and management method you are using, and if it is insufficient, be sure to improve it for safe operation.