So, we know how important password security is for an organization’s security posture. What do you do about it?
1. Be the broken record
User awareness training plays a role in keeping users from using weak passwords. Yet, when it comes to both information retention and behavioral change, one-off yearly security trainings won’t do the trick. Make sure to hold trainings on a fairly regular basis, and send out refreshers and reminders via email. (Hint: This can also be an excellent way of keeping your brand fresh in your customers’ minds). Don’t be afraid to repeat yourself—repetition is important to truly get people in the habit of using strong passwords.
2. Set ground rules for password strength
You probably already know the importance of these factors, but you’ll need to keep reiterating them to your customers (and your own employees). First, make sure passwords are of sufficient length (longer is generally better) and use a mixture of uppercase letters, lowercase letters, symbols, and numbers. Avoid putting numbers at the end of a password—this is a fairly common pattern, and criminals pick up on it. Numbers and symbols should go earlier in the password, if possible. It’s also worth suggesting people use a passphrase they can remember rather than a single password. This can help users meet the length requirements that make passwords hard to guess, while still keeping them easy to remember.
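
The rules above expressed as a checker, as an added example that is not from the original article. The 12-character minimum, the function name `check_password`, the treatment of spaces and the sample candidates are assumptions made for illustration.

```python
import re

# Assumed threshold: the article only says "longer is generally better".
MIN_LENGTH = 12

# Character classes the article asks for. Spaces are allowed (passphrases)
# but are not counted as symbols here; that is a choice made for this example.
REQUIRED_CLASSES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9\s]",
}


def check_password(candidate):
    """Return the list of rules the candidate breaks (empty list = passes)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in REQUIRED_CLASSES.items():
        if not re.search(pattern, candidate):
            problems.append(f"no {name}")
    # The common pattern the article warns about: a number at the very end.
    if re.search(r"[0-9]$", candidate):
        problems.append("ends with a number")
    # Letters first, then every number and symbol bunched at the end.
    if re.fullmatch(r"[A-Za-z\s]+[^A-Za-z\s]+", candidate):
        problems.append("numbers and symbols appear only at the end")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for sample in ("Summer2024", "Tr0ub4dor&3", "7 Purple!tigers eat Noodles"):
        print(repr(sample), "->", check_password(sample) or "passes")
```
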
3. Set password refresh policies
Additionally, try to implement a rule requiring users to change their passwords on a regular basis. This lets you update your password rules and make sure users follow the latest guidelines, and it also limits the damage if criminals steal some passwords. Also, remind customers not to reuse passwords across important accounts—if their credentials end up in a data breach, this could compromise other important systems.
4. Change default passwords
Another important thing to remember—change default passwords on important services. This applies to every service, but it’s especially important on tools built to facilitate remote working, like remote support tools or VPNs. It’s not uncommon for people to use a default password when setting things up, then forget to change the password later. Also, remind your customers to do the same when working on home networks. They should reset default passwords on home devices, especially their Wi-Fi, and make sure they’ve done so on administrator pages for any smart device.
5. Automate as much as possible
The biggest challenge with passwords is that they’re simply a pain in the neck to manage. Many people will naturally choose convenience over security, so it’s important to try to make life easier on them. That’s why it’s so important to use a good password management solution. Users can sign in once with their master password, then sign into their myriad accounts with an automatically generated password in a single click. No need for endless creativity to come up with new passwords, and no need for a photographic memory to remember them. Plus, with a password management tool like SolarWinds® Passportal, you can set password requirements for end users, automate password refreshes, and grant or revoke access to accounts as needed.
An easy fix for a hard problem
The username/password authentication model wasn’t really developed to handle the modern IT environment. With an explosion of cloud services, users can quickly get overwhelmed and opt for shortcuts around password security. If you follow these tips, you should be able to help keep your security posture strong.
A stolen password for a customer’s employee can become a major problem; a stolen password for a member of your own MSP team is pretty much guaranteed to be one. If criminals gain access to even one team member’s passwords, they can potentially compromise multiple customers and put your business in serious jeopardy. SolarWinds Passportal, a password management solution designed for MSPs, can help. It allows your team to automatically generate passwords and allows you to easily grant and revoke access as needed. Plus, you can offer password-management-as-a-service to your customers via Passportal Site, allowing you to prevent password breaches for them while also earning additional monthly recurring revenue without adding a new labor-intensive service. Learn more today about both solutions by visiting passportalmsp.com.