#54314
05/11/2013 5:30 PM
OP
Member
Joined: Jun 2010
Posts: 147
It has been suggested that I improve the security of my computer workstations. With regard to individual workstations, for the computer itself, do you [doctor] or the individual staff member at each station assign the unique password that opens the computer? And similarly, do you [doctor] assign the unique ac passwords for your staff, or do you have each staff member create and maintain their own ac passwords?
Right now, I sort of have access to everything and 'control' all the passwords. I would appreciate your feedback.
Richard Pediatrician Orlando, FL
Member
Joined: Apr 2010
Posts: 1,546 Likes: 1
I let my staff choose their own, but require that they also provide me with it. Thus they can remember it without writing it down, and I can monitor their inboxes, etc.
David Grauman MD Department of Medicine Commonwealth Health Center Saipan, Northern Mariana Islands
Member
Joined: Sep 2003
Posts: 12,899 Likes: 34
I agree with David, but I do add a twist to it. I used to do it completely that way.
First, I require an 8 letter alphanumeric password with a number that is WITHIN the password.
Second, I make the password so I don't have to go over their passwords making sure they are not birthdays and cats' names. Users will do this; of course, you can change them, but I find the following to be the most secure way.
I assign passwords, and I use a song or nursery rhyme for security and ability to remember. For instance, for one user, I will use:
We all live in a yellow submarine, which then translates to:
waL4iaYs
The chances of that being cracked by guessing or brute force would take years. They can remember it, and, more importantly, I can remember it. I do write them all down on the server, encrypted. And, I keep a card in my wallet.
I do not make them change the password every three months or so. The more you make them remember, the more likely they will put a sticky on the back of their computer.
I do make a limit of five tries (three is too easy to reach) before freezing the computer, at which time I can reset the password.
I make them log off if they are leaving their computer; otherwise, they can log off, lock or let the screensaver lock their computer.
It has been drilled into their heads that at no time can anyone give away their password and at no time can a user use someone else's computer under that user's account. They have their own account. I have written up three users for this. It is a serious offense since a server on a domain can monitor all logins and who logged into what machine at what time.
Summary: I make the passwords using phrases such as Sorry seems to be the hardest word: sstbtH8w. They cannot give them out or use any other person's account in their name.
Bert Pediatrics Brewer, Maine
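The rules in the post above (at least 8 alphanumeric characters with a number inside the password, no birthdays or pets' names) written as a check that an administrator who holds the passwords could run. This is an added example, not part of any poster's message. The denylist, the sample roster, reading "8 letter" as a minimum length, and the four-digit "birthday" heuristic are all assumptions.

```python
import re

# Constructed denylist (assumption): names an administrator would expect
# staff to reach for, such as pets or family members.
DENYLIST = ("fluffy", "whiskers", "tigger")


def check_password(pw, denylist=DENYLIST, min_len=8):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(pw) < min_len:
        problems.append("too_short")
    if not (pw.isascii() and pw.isalnum()):
        problems.append("not_alphanumeric")
    # "A number WITHIN the password": ignore digits tacked on at either end.
    core = pw.strip("0123456789")
    if not any(c.isdigit() for c in core):
        problems.append("no_inner_digit")
    # Heuristic (assumption): four or more digits in a row looks like a date.
    if re.search(r"\d{4,}", pw):
        problems.append("digit_run")
    lowered = pw.lower()
    for name in denylist:
        if name in lowered:
            problems.append("listed_name:" + name)
    return problems


def audit(roster):
    """Map each user whose password breaks a rule to the rules it breaks."""
    results = {user: check_password(pw) for user, pw in roster.items()}
    return {user: probs for user, probs in results.items() if probs}


if __name__ == "__main__":
    # Constructed roster; the first two passwords are the examples from the post.
    roster = {
        "user1": "waL4iaYs",
        "user2": "sstbtH8w",
        "user3": "Fluffy01",
        "user4": "05111980",
    }
    for user, probs in audit(roster).items():
        print(user, ", ".join(probs))
```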
Member
Joined: Sep 2011
Posts: 86
I assign passwords to most of the staff, though the strength of Bert's passwords puts my passwords to shame. We don't have a client-domain setup; we just share certain folders over the network. Some of the folders have sensitive information, so we encrypt those using the Windows encryption tool (right click, properties, the advanced button, encrypt).
Another method we employ is having the monitors automatically black out after a minute of inactivity and the computers go into standby & lock after ~15-45 minutes of inactivity.
For more information about general computer security, I'd suggest looking throughout this. Sandeep and Indy, among others, have some great posts that tackle computer security issues.
Mario Office Administrator Pediatrics