Strong Access Code Recommendations
If the site is using magnetic swipe cards or proximity cards, the code will already be programmed on the card. If the site is using individual access codes for each user, strong codes are important for the security of the site. If a user's access code is compromised, a thief can use the code to gain illicit access to the site. This can mean monetary losses to a site.
1. Codes should be unique for each user. Even if multiple users share the same unit (such as spouses or employees of a company), each user should have their own code to identify their activity on the site. Remind your users not to share their codes with anyone and that they are responsible for all activity that occurs with their code.
2. Codes should always be more than four digits in length to prevent them from being easily guessed. Seven to ten digits make the best codes.
3. Codes should not proceed in numeric order. This helps prevent customers from guessing other codes. If you are pre assigning codes, count by threes or sevens to help prevent this. If you are ordering swipe cards or proximity cards, request this.
4. Never use Social Security Numbers for codes.
5. Good codes are random enough to prevent guessing but still easy for users to remember. Try using the unit number plus the user's telephone number. This will generally give a long enough code that will be unique to each customer but is still easy to remember. For example, a customer in unit C130 whose home phone number is (33) 2541-1513 could be assigned 3325411513 as their ten digit code.
6. Manager codes, employee codes, and customer codes should all be different lengths. This helps prevent someone from guessing a code used by someone with a higher access level. For example, you could assign all managers eight digit codes, all employees nine digit codes, and all users ten digit codes. If you are ordering swipe cards or proximity cards, request separate number series for employees, managers, and users.
7. If you suspect a code is being used by someone other than the assigned user or if a user reports their card lost or stolen, go into the Setup Cards function by pressing F3. Select the code from the list and edit it. In step 2 of 2, click Card was Reported Lost. Contact the user and assign them a new code. When someone tries to use this code again, it will show as Lost or Stolen on the event log.
8. Use the Bad Attempts setting. Go to the Setup screen in StorLogix and select Setup AI Devices. Make sure the advanced options are clicked and go to step 5 of 6 and set the Bad Attempts Limit. Generally this should be set between 3 and 5. This is the number of wrong codes that can be entered before the system locks up to prevent someone from entering random codes trying to guess a good code.
No comments:
Post a Comment