Best Practice #3 - Do Not Use Generic Passwords
Another common security failure is the use of generic passwords – especially prevalent during password reset requests from users or on initial account creation. Think about it. If the standard procedure for creating a new account is to use the combination of the first initial of the first name and the entire last name for a userid, and the default password is set to ‘welcome’, how hard would it be for an “internal bad guy” to know the userid and password of a newly hired HR Director?
Note: The FNDLOAD utility can be used to migrate users, among other entities, from one instance to another. If a user account being migrated does not exist on the target instance, FNDLOAD sets that user's password to WELCOME rather than to the password used on the source instance. If you plan to migrate users using FNDLOAD, you should develop a procedure to deal with this security issue.
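
One shape such a procedure could take, added here as an example and not taken from Oracle's tooling: compare the target instance's user list captured before and after the FNDLOAD run, treat every newly created account as holding the default password, and give each one a unique random temporary password. The user lists and function names are hypothetical, and exporting the lists and applying the passwords (with a forced change at first logon) is assumed to be done with your own instance tooling.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


def new_temp_password(length=16):
    """Return a random one-time password with a lower-case letter, an upper-case letter and a digit."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw)
                and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def users_created_by_load(target_before, target_after):
    """Accounts on the target after the load that were absent before it.

    These are the accounts FNDLOAD created, so they carry the default
    password. Names are compared case-insensitively (assumption).
    """
    before = {u.strip().upper() for u in target_before}
    after = {u.strip().upper() for u in target_after}
    return sorted(after - before)


def remediation_plan(target_before, target_after):
    """Map each newly created account to its own temporary password."""
    return {user: new_temp_password()
            for user in users_created_by_load(target_before, target_after)}


if __name__ == "__main__":
    # Constructed sample data: user names exported from the target instance
    # before and after a migration run.
    before = ["SYSADMIN", "JSMITH"]
    after = ["SYSADMIN", "JSMITH", "ADOE", "mlee"]
    for user in remediation_plan(before, after):
        # Only the account name is printed; deliver each password out of band.
        print(f"{user}: reset required, temporary password generated")
```

Accounts that already existed on the target keep their passwords and do not appear in the plan, so the output is limited to the accounts the load created.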