The Auditor General of Western Australia published a damning report into the state of user account security within the public sector. Surely the era of capital letters, 8 characters and some numbers must come to an end now that this report has been made public? The report noted that good practice within password management frameworks was lacking. The many diverse agencies using the Western Australian Government’s systems illustrated how central strong password management systems are.
The report stated:
“Over one quarter of the enabled network accounts we looked at had weak passwords at the time of the audit. In a number of instances, these accounts are used to access critical agency systems and information via remote access without any additional controls. Generally, agencies lacked technical controls to enforce good passwords across networks, applications and databases, and did not have guidance about good practice for password management.”
The report’s conclusion argued that good password management was about trusted engagement between passwords, people and processes – bringing organisations together with a strong focus on collective security. The Auditor General believes strong password management requires (at least) the following:
1 – Uppercase and lowercase text
2 – Numbers (0–9)
3 – Non-alphanumeric characters such as !, £ and &
By using these standards, the report concluded that businesses and organisations could improve their password management systems dramatically.