Problem: Password Security
|
Policy: |
Users prefer easily guessed passwords, write and share passwords. |
|
Authentication: |
Weak caller authentication prior to HD password resets. |
|
Delegation: |
Support staff require too many administrative logins. |
|
Accountability: |
For support staff who perform resets. |
|
Encryption: |
Passwords should not be sent or stored in the clear. |