Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • SolarWinds N-central Automate what you need. Tackle complex networks. Try this remote monitoring and management solution built to help maximize efficiency and scale.
    • SolarWinds RMM Start fast. Grow at your own pace. Try this powerful but simple remote monitoring and management solution.
    • SolarWinds EDR Defend against ransomware, zero-day attacks, and evolving online threats with Endpoint Detection and Response
    • SolarWinds Backup Manage data protection for servers, workstations applications, documents and Microsoft 365 from one SaaS dashboard.
    • Mail Protection & Archiving Protect users from email threats and downtime.
    • Password Management Easily adopt and demonstrate best practice password and documentation management workflows.
      • Passportal Demo
    • PSA & Ticketing Manage ticketing, reporting, and billing to increase helpdesk efficiency.
    • Remote Support Help support customers and their devices with remote support tools designed to be fast and powerful.
  • Solutions

    I'm looking for...

    • Security Solutions
    • Monitoring Solutions
    • Efficiency Solutions
  • Resources
    • Blog
    • Webcasts & Events
    • Ask the N-central Experts
    • Daily Live Demos
    • RMM Foundations Training
    • Upcoming Events
    • Upcoming Webcasts
    • Resource Center
    • COVID-19 Resources
    • Resource Library
      • Case Studies
      • Product Information
      • eBooks
      • White Papers
      • Infographics
    • SolarWinds MSP Free Tools
    • GDPR Resource Center
    • Security Resource Center
    • MSP Institute Webinar Series
    • MSP Advice Project
  • About
    • Contact
    • Customer Success
    • Worldwide sales and support
    • Careers
    • Awards and Recognition
    • Get A Quote
    • Newsroom
      • Press Releases
      • In The News
      • Media Contacts
      • COVID-19 Response
    • Leadership Team
    • Legal
      • Cookie Policy
      • Privacy Notice
      • Software Services Agreement
      • Terms of Use
      • Backup Fair Use Policy
    • Security
      • SolarWinds Security Statement
      • Vendor Data Protection Requirements
    • Support
  • IT Departments
  • Contact Sales
    • Get A Quote
    • General Inquiry
  • TRY NOW
    • SolarWinds RMM
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Passportal
    • SolarWinds N-central
    • SolarWinds Mail Assure
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Security 10 Tips to Help You Improve Password Management
Security

10 Tips to Help You Improve Password Management

By Colin Knox
9 October, 2019

Passwords are the cornerstone of your cyberdefenses, but managing them effectively and securely can be a real challenge—particularly if you’ve got hundreds spread out across a large number of different customers. Here are ten things that will help you take your password management to the next level, both for your own company and your customers.

1/ Educate your techs on password best practice

Educating your team on best practices in password upkeep is essential. Here are some quick tips to ensure your password practices are up to scratch:

  • Ensure the complexity of passwords is set high by including three random words, a mix of upper- and lowercase letters, numbers (3756), and symbols (!#$%)
  • Set your password to at least 16 characters
  • Do not use commonly known names or numbers  
  • Schedule passwords to be changed every 90 days
  • Do not store passwords on sticky notes or in Excel spreadsheets

2/ Educate your techs on cybersecurity

Cyberattackers rely on human error and lack of attention to conduct sophisticated data exfiltration against targeted businesses, and more often than not they succeed. Providing security awareness training for your techs and your customers is imperative and it should not be overlooked. The good news is, you can also add security awareness training as part of your service offering. 

3/ Know what password types NOT to use

CTA Image

Password and Documentation Management

Request a Demo Learn More

If you’re scratching your head not knowing what passwords to use the next time you need to generate a considerable amount of new passwords for customers, one piece of the puzzle is knowing the types of passwords NOT to use.

When thinking of new passwords, refrain from using values known to be commonly used, expected, or compromised, a National Institute of Standards and Technology (NIST) study reveals. 

NIST established four main types of passwords that are easily cracked:

  • Passwords obtained from previous breach (don't just tack a '1' at the end)
  • Dictionary words (eg. apple)
  • Repetitive or sequential characters (e.g. aaaaaa, 1234abcd)
  • Context-specific words, such as the name of the service, the username, or derivatives (e.g. MSP1, password1, ADMIN)

Implementing a password tool can help automate password generation at any frequency. This saves the hassle and alleviates technician time.

4/ Use multifactor authentication (MFA)

Using multifactor authentication (MFA) is absolutely critical in today's industry. With all the advanced persistent threats (APTs) that have been increasingly targeting MSPs recently, using a multifactor authentication will add another layer of security for you and your customers. 

5/ Employ access management for privileged credentials

Threats exist for MSPs from external and internal sources and you need to know about them. Whether it is an external hacker or rogue employee, exfiltration can happen through a number of angles. Ensuring you have adequate access management is vital to prevent these types of breach.

6/ Know the right way to generate complex passwords

Protect your business by using complex strings of nonreused passwords. Combine this with a password generation tool as a simple solution to manage all your passwords effortlessly. To help keep your passwords unique and hard to breach, maintain at least a 16-character count with the following four tips in mind: 

  • Three to four random words (e.g. Lights, Tech, Clouds)
  • Upper- and lowercase (e.g. LightsTechClouds)
  • Numbers (e.g. LightsTechClouds9)
  • Special characters/symbols (e.g. LightsTechClouds9%)

Implementing a password generator tool with an automated function that creates complex password strings that are stored and rotated within the tool itself means there’s no need to memorize 1000+ passwords or think of the copious amounts of unique words, characters, symbols, and more for each individual password.

7/ Harness the power of automation 

When it comes to best practices in password security, there is one crucial component that is often overlooked or ignored, and that is password rotation. As an MSP managing a multitude of passwords for a variety of organizations, the idea of changing even one password can be daunting. Since password rotation refers to changing all the passwords on a variety of systems on a frequency basis, where does an MSP start and when should passwords be renewed? 

MSPs should be rotating passwords on all:

  • Customer's systems accounts
  • Network appliances
  • Cloud services and portals
  • Line of business applications
  • AND do not forget about your own technicians

But what about frequency?

It is recommended to change all passwords on these terms:

  • Instantly (if a breach occurred—remember not to recycle credentials)
  • 3 months minimum (for credentials that give access to sensitive data)
  • 6 months maximum (Covers all your bases and solves existing/former staff knowing privileged credentials) 

Deploying a password management tool can enable you to do automate this whole process!

8/ Eliminate the need for password resets

If you could pinpoint that one thing that is eating up all your technicians’ time, what would it be? Is there something weighing heavy on your service desk and stacking up all your tickets? To take an educated guess originating from the internal workings of an MSP, this has to be password resets. Adopting a password reset app to give your customers on Windows, Active Directory, Azure AD, and Office 365 the ability to reset their own secure passwords through identify verification directly from their mobile will eliminate those service tickets that lower operational efficiency and decrease your costs. 

9/ Ensure you have password auditing and accountability

Customer data is the most valuable asset any business has, and your team has virtually unencumbered access to it all.  As a result, you and your customers deserve and need to know who has accessed their systems and when it happened. 

Implementing an auditing and reporting tool that simplifies this process and helps you maintain a bird’s-eye view of what’s going on. 

10/ Implement privileged customer knowledge management

Combining password management and IT documentation creates one unified solution: privileged customer knowledge management. By simplifying the documentation process and offering standards around documentation through permissions within a single console, your technicians can leverage security and automation to rapidly access customer knowledge. 

Benefits of privileged customer knowledge management include:

  • Password security, automation, and resets
  • Technician access control
  • Standardized and centralized IT documentation management
  • Seamless integrations for data synchronization 

 

Colin Knox is director of product strategy, SolarWinds Passportal.

 

Additional reading

Password management—A quick best practice guide
How to Build Password Policies for Your Customers
Forgotten Passwords: The Bane of the Admin's Existence
You might also like...
Automation

What the Head Nerds Were Up to in 2020

Security

January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be

Security

December 2020 Patch Tuesday—A quiet(er) finish to a busy year in vulnerabilities

Security

Documentation Management API and Why It’s Important for the MSP Business

Security

What Is FIPS-140-2 Standard and When Is It Required?

Security

Malware-as-a-Service: A Crucial Reason Why Security Has Grown More Complex

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • What the Head Nerds Were Up to in 2020
  • RMM and PSA Tools: How to Make the Most of Both
  • How to Empower an IT Help Desk Team for Success
  • Six Tips That Will Make Managing Your MSP Company Easier
  • January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be
Categories:
  • Security (230)
  • Tips & Advice (122)
  • Best Practices (94)
  • Managed Services (86)
  • Backup & Disaster Recovery (83)
  • The Head Nerds (75)
  • Business Growth (75)
  • IT Support (42)
  • Business (39)
  • Automation (37)
  • Cybersecurity (37)
  • Operations (34)
  • Mail (33)
  • Remote Management (28)
  • ITSM (25)
  • Cloud Computing (21)
  • Networking (21)
  • Data (21)
  • Marketing (14)
  • Product (11)
  • PSA (11)
  • Service Desk (5)
  • Services & Support (5)
  • Mobile (4)
  • Risk Intelligence (4)
  • Internet of Things (3)
  • Customer Service (3)
  • Research & Trends (2)
  • Training (2)
  • GDPR (2)
  • Business Risk (1)
  • LOGICcards (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.