09 Feb Are your passwords doing their job?

1. Encourage users to use phrases they can remember rather than complex passwords
2. Alternatively, use of three random words can create a strong password. Perhaps include a word that relates to the website/application such that:
3. Different passwords to be used for each application
4. Passwords should never be stored as plain text
5. Administrators must use different passwords for their administrative and non-administrative accounts.
6. Do not routinely grant administrator privileges to standard users.
7. Consider implementing ‘two-factor’ authentication for all remote accounts.
8. Make sure that absolutely no default administrator passwords are used.