Information Security – Passwords for dental practice

The latest password guidance from CODE

Information security is a fundamental part of data protection and you should have detailed written procedures about your information security measures. Password management is one of the most important aspects of information security. Here is an extract of the iComply Information Security Procedures (M 217C) on passwords that has just been updated with the latest information.

Password type and storage – notes for reference
The theory of using upper and lower-case letters mixed with numbers and special characters was invented by Bill Burr. Unfortunately, hackers have designed their password cracking software to discover this type of password, so such passwords are no longer secure. He now advises the use of four unrelated words such as ‘moon rapport deckchair ambassador’, with spaces if possible; if not, use dashes: ‘moon-rapport-deckchair-ambassador’.

CODE recommends that all computer users install a password manager such as 1Password, which helps in the management of numerous, different passwords. It also completes name and address details or credit card details in a website form, saving the user time. Some people are concerned that password managers may be hacked but, so far as CODE is aware, this type of breach hasn’t happened. We like to use 1Password in our offices.

The CODE password rules – team members:

  • Only use passwords where they are really needed
  • Use 1Password, Dashlane, Keeper, or another technical solution to store and manage passwords
  • Are only asked to change their passwords when there is an indication of suspicion or compromise
  • Are careful that nobody is looking over their shoulder when they type in a password
  • Create a password out of four unrelated words with spaces where possible or a minimum of 9 characters with upper and lower-case letters, at least one number and one special character such as £ or &
  • Do not store passwords in plain text on a computer or piece of paper that could be seen by others
  • Do not use common password choices such as “password”, “12345”, “p4ssw0rd”, pet names, personal names, dates of birth, or common words such as cities or football teams with letters or numbers replacing vowels, such as c0d4, m4nch4st4r un1t4d, f1d0 etc. Note that most password manager applications will generate a unique password for you
  • Do not reuse passwords between work and home
  • Do not respond to emails asking for their login or asking them to reset a password (‘phishing emails’) unless they have requested the password reset themselves
  • Do not reuse passwords for more than one login
  • Never share a password or attempt to gain access to a system using someone else’s username and password
  • Report any suspicious emails or activity to the IG lead

At iComply we also use the following policies and procedures as part of our information security measures:

  • Backup Procedures and Software Log (G 135)
  • Subcontractor’s Confidentiality Agreement (M 217F)
  • Information Asset Log (M 217G)
  • Mobile Equipment Terms and Conditions (M 217I)
  • Compliance Monitoring Form (M 217K)
  • Computer and Software Access Log (M 217L)
  • Security Risk Assessment (M 217M)
  • Business Impact Analysis (M 217N)
  • Sensitive Information Map, PIA and Risk Assessment (M 217Q)
  • Disaster Planning and Emergency Procedures (M 255)

Further information
The National Cyber Security Centre

iComply
To find out more about iComply and a special newsletter offer, click here or email hello@icomply.cc or call 01409 254 354. You can also arrange a free online demonstration.

Terms of use: information in this article is written in general terms and is believed to be based on the relevant legislation, regulations and good practice guidance. This information is indicative only and is intended as a guide for you to review and take particular professional advice to suit your circumstances. CODE is a trading name of the Confederation of Dental Employers Ltd and it licenses information to Codeplan Ltd. CODE and Codeplan do not accept any liability for any loss or claim that may arise from reliance on information provided. The use of this information indicates acceptance of these terms. ©CODE 2018.