Problem: Password Security

Policy:

Users prefer easily guessed passwords, write and share passwords.

Authentication:

Weak caller authentication prior to HD password resets.

Delegation:

Support staff require too many administrative logins.

Accountability:

For support staff who perform resets.

Encryption:

Passwords should not be sent or stored in the clear.