The organization should have defined guidelines for the generally acceptable use of data systems and for the management of the necessary credentials.
In addition, the owners of data systems classified as 'High' or 'Critical' priority can define, document, and implement more specific guidelines for the use of that particular data system. These guidelines can describe e.g. security requirements related to the data contained in the system.
When registering for a service, the password management system lets the user decide how complex a password to set and remembers it on the user's behalf.
When using the password management system, e.g. the following principles:
The organization has predefined authentication methods that employees should prefer when using data systems.
When using cloud services, the user can often freely decide how to authenticate with the service. A single centralized authentication account (such as a Google or Microsoft 365 account) makes it possible to close a large number of access rights at once when the main user account that acts as the authentication method is closed.
One way to manage the risks associated with shared usernames is to manage the shared password and its users directly through a password management system.
In this case, it is possible to arrange things so that, for example, only one individual actually knows the password and which persons use it.
Credentials should be securely transmitted to users. Delivering a password through an external party or an unprotected (plaintext) e-mail message should be avoided.
Temporary credentials should be unique and should not be guessable, for example, by inferring from user data.