The Central Board of Excise and Customs of India claimed that compromised passwords are the biggest threat to system security. Despite elaborate instructions on passwords, which all employees are supposed to follow, “instances of password compromise continue to recur with unfailing regularity”, an unnamed official says.
Sharing of passwords was identified as one of the main reasons of unauthorized access and information leakage. According to CBEC representative, officers who share their passwords with others should “be regarded as being in collusion in the fraud that results”. To prevent insecure use of passwords CBEC plans to introduce a set of measures, including disciplinary action and even dismissal from the Government service.
Penalty threat may not be the most effective solution. In case of password breach, complex countermeasures are required, and regular password audit is a significant part of it. If it is required that users change their passwords every 30 days, then system administrators have to perform password audits with the same regularity. There is a lot of both free and commercial auditing tools that allow to check password security.
Source: Business Line