Journal of National Security and Military Science (안보군사학연구)
Serial No. 8 / Pages 421-465 / 2010 / 2713-704X (pISSN)
A Study On Enterprise Password Management Recommendations
(Korean title: A Study of Recommendations on Password Management in Large Organizations)
Park, Jin-Sub (박진섭)
Dept. of Computer Engineering, Daejeon University
Published: 2010.12.30
Abstract
Passwords are used in many ways to protect data, systems, and networks. Passwords are also used to protect files and other stored information. In addition, passwords are often used in less visible ways for authentication. In this article, we provide recommendations for password management, which is the process of defining, implementing, and maintaining password policies throughout an enterprise. Effective password management reduces the risk of compromise of password-based authentication systems. Organizations need to protect the confidentiality, integrity, and availability of passwords so that all authorized users, and no unauthorized users, can use passwords successfully as needed. Integrity and availability should be ensured by typical data security controls, such as using access control lists to prevent attackers from overwriting passwords and having secured backups of password files. Ensuring the confidentiality of passwords is considerably more challenging and involves a number of security controls along with decisions involving the characteristics of the passwords themselves.