A username and password are two pieces of information that a user needs to log on to a computer. When an attacker knows one of these entries, the attacker needs only to crack or discover the other entry to gain access to the computer system. It is important to change the default username for accounts such as administrator or guest, because these default usernames are widely known. Some home-networking equipment has a default username that cannot be changed. Whenever possible, change the default usernames of all users on computers and network equipment.
The system administrator usually defines a naming convention for usernames when creating network logins. A common example of a username is the first letter of the person’s first name and then the entire last name. Keep the naming convention simple so that people do not have a hard time remembering it. Usernames, like passwords, are an important piece of information and should not be revealed.
Password guidelines are an important component of a security policy. Any user that must log on to a computer or connect to a network resource should be required to have a password. Passwords help prevent theft of data and malicious acts. Passwords also help to ensure that logging of events is correct by ensuring that the user is the correct person.
Network logins provide a means of logging activity on the network and either preventing or allowing access to resources. If you are unable to log on to a computer, do not use another user’s username and password, even if they are your coworker or your friend, because this can invalidate logging. Instead, inform the network administrator of any problems logging on to a computer or authenticating against secure network resources.
Using secure, encrypted login information for computers with network access should be a minimum requirement in any organization. Malicious software could monitor the network and record plaintext passwords. If passwords are encrypted, attackers must decode the encryption to learn the passwords.
Attackers can gain access to unprotected computer data. Password protection can prevent unauthorized access to content. All computers should be password protected. Three levels of password protection are recommended:
- BIOS - Prevents the operating system from booting and the BIOS settings from being changed without the appropriate password, as shown in Figure 1.
- Login - Prevents unauthorized access to the local computer, as shown in Figure 2.
- Network - Prevents access to network resources by unauthorized personnel, as shown in Figure 3.