{"id":12937,"date":"2014-07-09T12:07:52","date_gmt":"2014-07-09T12:07:52","guid":{"rendered":"https:\/\/www.poleetic.com\/en\/?p=12937"},"modified":"2023-09-19T07:04:22","modified_gmt":"2023-09-19T07:04:22","slug":"digital-governance-optimize-the-password","status":"publish","type":"post","link":"https:\/\/www.poleetic.com\/en\/blog\/2014\/07\/09\/digital-governance-optimize-the-password\/","title":{"rendered":"Digital Governance: optimize the password"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1420.64px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-1\"><p style=\"text-align: justify;\"><strong>The password, a short string of characters that everyone uses every day, is a very serious topic for cyber-security actors.<\/strong><\/p>\n<p><img decoding=\"async\" class=\"wp-image-13231 size-full alignnone\" src=\"https:\/\/www.poleetic.com\/wp-content\/uploads\/2015\/10\/Fotolia_55826385_XS.jpg\" alt=\"Gouvernance 
digitale optimiser les mots de passe\" width=\"424\" height=\"283\" srcset=\"https:\/\/www.poleetic.com\/wp-content\/uploads\/2015\/10\/Fotolia_55826385_XS-300x200.jpg 300w, https:\/\/www.poleetic.com\/wp-content\/uploads\/2015\/10\/Fotolia_55826385_XS.jpg 424w\" sizes=\"(max-width: 424px) 100vw, 424px\" \/><\/p>\n<p>Good password governance for companies requires a clear policy, shared with every stakeholder and monitored through a regular, automated process. More and more services used by companies are now available online, making these policies <strong>a pillar of digital governance.<\/strong><\/p>\n<p>Here are examples of common habits among users and the associated risks:<\/p>\n<ul>\n<li>The usage of the same password for multiple personal and professional accounts:<br \/>\n<span style=\"color: #ff0000;\">\u00a0&gt;&gt;<\/span> RISK : If one of the services is compromised, the cyber-criminal would be able to access all the other accounts, putting the whole company at risk.<\/li>\n<\/ul>\n<ul>\n<li>The usage of personal information in the password (birthday, kids\u2019 names, etc.)<br \/>\n<span style=\"color: #ff0000;\">&gt;&gt;<\/span> RISK : Social engineering techniques can easily give the cyber-criminal access to your password.<\/li>\n<\/ul>\n<ul>\n<li>The usage of common words in the password:<br \/>\n<span style=\"color: #ff0000;\">&gt;&gt;<\/span> RISK : Software that uses \u201cbrute force\u201d can easily and automatically find the password using a preconfigured table or list of words. 
(Example:<span style=\"color: #ff0000;\"> <a style=\"color: #ff0000;\" href=\"http:\/\/mashable.com\/2012\/06\/08\/linkedin-stolen-passwords-list\/\" target=\"_blank\" rel=\"noopener\">Top 30 passwords used for LinkedIn<\/a>,<\/span> an excellent source for hackers.)<\/li>\n<\/ul>\n<ul>\n<li>Keeping a copy of the password on your computer or in your emails:<br \/>\n<span style=\"color: #ff0000;\">&gt;&gt;<\/span> RISK : If the computer or the email gets compromised, so do all the other services.<\/li>\n<\/ul>\n<ul>\n<li>Keeping the password on a post-it note next to the computer.<br \/>\n<span style=\"color: #ff0000;\">&gt;&gt;<\/span> RISK : Among intrusion methods, physical interception is possible, for example a hacker posing as a repairman looking for a malfunction next to the computer.<\/li>\n<\/ul>\n<ul>\n<li>The usage of professional email for the setup of personal accounts.<br \/>\n<span style=\"color: #ff0000;\">&gt;&gt;<\/span> RISK : If you change companies, the email address is lost and access to personal accounts becomes difficult.<\/li>\n<\/ul>\n<ul>\n<li>Choosing to save all the passwords in the web browser:<br \/>\n<span style=\"color: #ff0000;\">&gt;&gt;<\/span> RISK : They are <span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"http:\/\/www.pcastuces.com\/pratique\/astuces\/2730.htm\" target=\"_blank\" rel=\"noopener\">easily obtainable<\/a><\/span> if the browsing session is kept open.<\/li>\n<\/ul>\n<p>Here are some good practices when it comes to password governance:<\/p>\n<p>1\/\u00a0The password used with your email address must be unique and should not be used elsewhere. In reality, many users have the reflex, when signing up to an e-commerce site, to use the same email and password, which should be avoided at all costs.<\/p>\n<p>2\/\u00a0Differentiate online services according to their criticality. 
The complexity of the password is not the same for an email service and an online information aggregator.<\/p>\n<p>These are some suggestions to better secure a password:<\/p>\n<ul>\n<li>The password must contain at least one lowercase letter.<\/li>\n<li>The password must contain at least one uppercase letter.<\/li>\n<li>The password must contain at least one digit.<\/li>\n<li>The password must contain at least one special character ($ !?%).<\/li>\n<li>The password must contain at least 3 characters in different styles (lowercase, uppercase, digit, special character).<\/li>\n<li>The password must be at least 8 characters long.<\/li>\n<li>The password must not contain the user name.<\/li>\n<\/ul>\n<p>3\/<span style=\"color: #ff0000;\">\u00a0<a style=\"color: #ff0000;\" href=\"http:\/\/www.01net.com\/telecharger\/windows\/Utilitaire\/cryptage_et_securite\/fiches\/10657.html\" target=\"_blank\" rel=\"noopener\">Random password generator software<\/a><\/span> can be used to create secure passwords.<\/p>\n<p>4\/\u00a0Services exist to store passwords in a <span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"http:\/\/www.tomsguide.fr\/article\/Securite-cryptage,2-1164-2.html\" target=\"_blank\" rel=\"noopener\">safe and encrypted place<\/a><\/span>, but again a unique password must be defined.<\/p>\n<p>5\/ If you are a CIO (DSI) or an information security manager (SSI), get in touch with HR or the internal committee in order to regularly inform employees about managing their passwords. And <strong>don\u2019t hesitate to initiate or push measures in line with the company\u2019s policy<\/strong>. 
The fate of the company depends on it\u2026<\/p>\n<p>6\/ Other measures: configure \u00ab Google Alerts \u00bb for your professional e-mail address, so that you are notified if it is compromised and posted online.<\/p>\n<p>So, are you ready to clean up?<\/p>\n<\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":15947,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[88,91,86,89,155,1],"tags":[],"class_list":["post-12937","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-digital-governance","category-poleetic-en","category-project-management","category-security","category-trends-en","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.poleetic.com\/en\/wp-json\/wp\/v2\/posts\/12937","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.poleetic.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.poleetic.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.poleetic.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.poleetic.com\/en\/wp-json\/wp\/v2\/comments?post=12937"}],"version-history":[{"count":14,"href":"https:\/\/www.poleetic.com\/en\/wp-json\/wp\/v2\/posts\/12937\/revisions"}],"predecessor-version":[{"id":15953,"href":"https:\/\/www.poleetic.com\/en\/wp-json\/wp\/v2\/posts\/12937\/revisions\/15953"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.poleetic.com\/en\/wp-json\/wp\/v2\/media\/15947"}],"wp:attachment":[{"href":"https:\/\/www.poleetic.com\/en\/wp-json\/wp\/v2\/media?parent=12937"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.poleetic.com\/en\/wp-json\/wp\/v2\/categories?post=12937"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.poleetic.com\/en\
/wp-json\/wp\/v2\/tags?post=12937"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}