- Audit the accounts on your systems and create a master list
- Develop procedures for adding authorized accounts to the list, and for removing accounts when they are no longer in use.
- Validate the list on a regular basis to make sure no new accounts have been added and that unused accounts have been removed.
- Run a password cracking tool against the accounts looking for weak or no passwords. (Make sure you
have official written permission before employing a password cracking tool.)
- Train users
- Install password checking tools
- Use alternative authentication methods