As the administrator of a marina, yacht club or boatyard, you are responsible for setting up the password policy for users of your marina, yacht club or boatyard, so that they can securely access its digital management tools. Establishing this policy can often be complicated or confusing, so here are some recommendations to make your marina, yacht club or boatyard more secure against password attacks.
The recommended procedures for passwords can be divided into broad categories, including the following:
- Resistance to common attacks. To address this type of attack, two lines of action should be worked on: controlling where users enter passwords (known and trusted devices) and choosing the password (length and uniqueness).
- Curbing successful attacks. Limit exposure to a specific service. For example, make sure that if a hacker can access your social network, they cannot also access your bank account.
- Understanding human nature. It should be noted that many valid password procedures do not align with natural human behavior. Length change requirements, special character requirements, and password change requirements all lead to password normalization, making it easier to guess or decipher passwords.
Regarding password expiration, some recommendations are:
- Password validity days. Define the number of days a password will be valid.
- Password expiration. Add a maximum validity in days for passwords. This action implies previously defining the validity days of a password.
Attention, if password expiration is set, it is not recommended that the number of days be very low, as the obligation to renew the password too frequently leads users to relax password complexity and tend to repeat them.
Regarding achieving a more secure password system, some recommendations are:
- Define a minimum character length. A good length is 8 characters, keep in mind that a longer password is not always better.
- Exclude the username. This way, the username cannot appear in the same password.
- Include lowercase. Require at least one lowercase letter.
- Include uppercase. Require at least one uppercase letter.
- Include numbers. Require at least one number.
- Include special characters. Require at least one special character, i.e. one of the following: !#$%&?*
It is recommended not to establish complex formats together with password expiration without first assessing the impact of the different combinations.
A good complex format policy can avoid the need to expire passwords with low frequency.
Keep in mind that the more diverse the passwords, the more robust your marina, yacht club or boatyard’s password system will be.
Now, following the password policy recommendations we have provided, we encourage you to define those for your marina, yacht club or boatyard and configure them in Galatea.And if you don’t know how to do it, here is the direct link to the wiki section where we detail it for you.
