
Password Controls

There are a few fundamental problems in maintaining the integrity of passwords:

i. Users write down their passwords for convenience, as they are hard to remember.

ii. To reduce the burden of remembering cumbersome passwords, users opt for easy-to-use passwords, which are also easy to guess.

iii. Users, as a matter of routine, do not change their passwords at regular intervals.

iv. Users fail to appreciate the importance of having a password and the consequences of its being compromised.

v. Passwords in Banks change hands very fast for the convenience of work.

vi. Certain access control mechanisms require users to enter multiple passwords.

vii. Certain system software does not store passwords in encrypted form.

viii. Passwords are not changed / deleted in the Master Record of the System Software on the transfer / retirement of the operator / officer.

ix. Passwords are transmitted in clear text form, especially in a Wide Area Network (WAN).

Auditors are required to take extra caution in verifying the integrity of passwords in the branches. The following issues should be looked into to establish the integrity:

a) The Password Register is updated with the changes.

b) Password secrecy is maintained by the following officers of the Bank:

i. Branch Manager

ii. System Administrator

iii. Users

iv. Authorised Persons

c) The critical passwords for accepting sensitive jobs are known only to the Branch Manager or System Administrator. Sensitive jobs include:

i. To enter operating systems.

ii. To take back-ups.

iii. To monitor disk space.

iv. To create/edit Master Records.

d) The Operating System Password is kept under the Dual Control of the Branch Manager and System Administrator. The password should be protected in a sealed cover and opened in the presence of at least two persons. It should be changed at once on being opened.