Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • SolarWinds N-central Automate what you need. Tackle complex networks. Try this remote monitoring and management solution built to help maximize efficiency and scale.
    • SolarWinds RMM Start fast. Grow at your own pace. Try this powerful but simple remote monitoring and management solution.
    • SolarWinds EDR Defend against ransomware, zero-day attacks, and evolving online threats with Endpoint Detection and Response
    • SolarWinds Backup Manage data protection for servers, workstations applications, documents and Microsoft 365 from one SaaS dashboard.
    • Mail Protection & Archiving Protect users from email threats and downtime.
    • Password Management Easily adopt and demonstrate best practice password and documentation management workflows.
      • Passportal Demo
    • PSA & Ticketing Manage ticketing, reporting, and billing to increase helpdesk efficiency.
    • Remote Support Help support customers and their devices with remote support tools designed to be fast and powerful.
  • Solutions

    I'm looking for...

    • Security Solutions
    • Monitoring Solutions
    • Efficiency Solutions
  • Resources
    • Blog
    • Webcasts & Events
    • Ask the N-central Experts
    • Daily Live Demos
    • RMM Foundations Training
    • Upcoming Events
    • Upcoming Webcasts
    • Resource Center
    • COVID-19 Resources
    • Resource Library
      • Case Studies
      • Product Information
      • eBooks
      • White Papers
      • Infographics
    • SolarWinds MSP Free Tools
    • GDPR Resource Center
    • Security Resource Center
    • MSP Institute Webinar Series
    • MSP Advice Project
  • About
    • Contact
    • Customer Success
    • Worldwide sales and support
    • Careers
    • Awards and Recognition
    • Get A Quote
    • Newsroom
      • Press Releases
      • In The News
      • Media Contacts
      • COVID-19 Response
    • Leadership Team
    • Legal
      • Cookie Policy
      • Privacy Notice
      • Software Services Agreement
      • Terms of Use
      • Backup Fair Use Policy
    • Security
      • SolarWinds Security Statement
      • Vendor Data Protection Requirements
    • Support
  • IT Departments
  • Contact Sales
    • Get A Quote
    • General Inquiry
  • TRY NOW
    • SolarWinds RMM
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Passportal
    • SolarWinds N-central
    • SolarWinds Mail Assure
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Security 5 Tips for Rock-Solid Password Security
Security

5 Tips for Rock-Solid Password Security

By SolarWinds MSP
24 November, 2020

There’s a lot of flash around some topics in security. Whether it’s the ever-present, evolving threat of ransomware or a new threat du jour, it’s definitely important to stay on top of these developments. But it’s also easy to get distracted from the fact that a good portion of cyberattacks often come from small holes in a security posture.

One of the biggest threats we face as an industry, particularly during an era of remote working, is the use of weak or reused passwords. Today, we’ll talk about some developments around passwords and remind you of strong practices to keep your passwords safe. 

The latest on passwords

Passwords really weren’t created to do the type of heavy lifting we require of them now. When username/password combinations were first developed, a user only needed a few passwords to get by. They could connect to their computer or a mainframe without much trouble. Currently, however, people have a multitude of services requiring authentication credentials, making it hard to keep track of all the passwords. 

This puts a very heavy burden on users to come up with strong passwords for each account and, more importantly, remember them. This leads people to reuse passwords across accounts. While this may seem obvious, the extent of the practice can put a finer point on it—SpyCloud found roughly 76% of Fortune 1000 employees used the same password from their corporate email on other accounts. This stat isn’t meant to pick on those companies—rather, the point shows that even large companies that can afford strong security postures still have widespread password problems. That means anyone can, including your customers or even your own employees. 

But how prevalent are these attacks? The 2020 Verizon Data Breach Investigation Report stated that of hacking-related breaches, more than 80% involved either brute-force password attacks or stolen user credentials. Of course, there are other kinds of attacks—from malware to social engineering—but this demonstrates that passwords play a central role in anyone’s security posture. 

The rules of the road

CTA Image

Password and Documentation Management

Request a Demo Learn More

So, we know how important password security is for an organization’s security posture. What do you do about it?

1. Be the broken record

User awareness training plays a role in keeping users from using weak passwords. Yet, when it comes to both information retention and behavioral change, one-off yearly security trainings won’t do the trick. Make sure to hold trainings on a fairly regular basis, and send out refreshers and reminders via email. (Hint: This can also be an excellent way of keeping your brand fresh in your customers’ minds). Don’t be afraid to repeat yourself—repetition is important to truly get people in the habit of using strong passwords. 

2. Set ground rules for password strength

You probably already know the importance of these factors, but you’ll need to keep reiterating these to your customers (and your own employees). First, make sure passwords are of sufficient length (longer is generally better), and use a mixture of uppercase letters, lowercase letters, symbols, and numbers. Also, avoid using numbers at the end of a password—this is a fairly common pattern, and criminals pick up on it. Numbers and symbols should go earlier in the password, if possible. Also, it’s worth suggesting people use a passphrase they can remember rather than a single password. This can help users meet length requirements to make the passwords hard to guess, while still making them easy to remember.  

3. Set password refresh policies

Additionally, try to implement a rule requiring users to change their passwords on a regular basis. This allows you to update your password rules and make sure users follow the latest guidelines, but also limits the damage if criminals steal some passwords. Also, remind customers not to reuse passwords across important accounts—if their credentials end up in a data breach, this could compromise other important systems. 

4. Change default passwords

Another important thing to remember—change default passwords on important services. This applies to every service, but it’s especially important on tools built to facilitate remote working, like remote support tools or VPNs. It’s not uncommon for people to use a default password when setting things up, then forget to change the password later. Also, remind your customers to do the same when working on home networks. They should reset default passwords on home devices, especially their Wi-Fi, and make sure they’ve done so on administrator pages for any smart device.  

5. Automate as much as possible

The biggest challenge with passwords is that they’re simply a pain in the neck to manage. Many people will naturally choose convenience over security, so it’s important to try to make life easier on them. That’s why it’s so important to use a good password management solution. Users can sign in once with their master password, then sign into their myriad accounts with an automatically generated password in a single click. No need for endless creativity to come up with new passwords, and no need for a photographic memory to remember them. Plus, with a password management tool like SolarWinds® Passportal, you can set password requirements for end users, automate password refreshes as needed, and grant or revoke access to accounts as needed. 

An easy fix for a hard problem

The username/password authentication model wasn’t really developed to handle the modern IT environment. With an explosion of cloud services, users can quickly get overwhelmed and opt for shortcuts around password security. If you follow these tips, you should be able to help keep your security posture strong. 

A stolen password for a customer’s employee can become a major problem; a stolen password for a member of your own MSP team is pretty much guaranteed to be one. If criminals gain access to even one team member’s passwords, they can potentially compromise multiple customers and put your business in serious jeopardy. SolarWinds Passportal, a password management solution designed for MSPs, can help. It allows your team to automatically generate passwords and allows you to easily grant and revoke access as needed. Plus, you can offer password-management-as-a-service to your customers via Passportal Site, allowing you to prevent password breaches for them while also earning additional monthly recurring revenue without adding a new labor-intensive service. Learn more today about both solutions by visiting passportalmsp.com. 

 

You might also like...
Security

January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be

Security

December 2020 Patch Tuesday—A quiet(er) finish to a busy year in vulnerabilities

Security

Documentation Management API and Why It’s Important for the MSP Business

Security

What Is FIPS-140-2 Standard and When Is It Required?

Security

Malware-as-a-Service: A Crucial Reason Why Security Has Grown More Complex

Security

National Computer Security Day—It’s Not Just About the Computer Anymore

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be
  • TAP Blog Series: Maximizing Your Service Delivery Opportunity
  • Why Do MSPs Choose SolarWinds Backup? IT Central Station Finds Out
  • Seven Features Remote Assistance Software Should Have
  • TAP Blog Series: Creating Your Automation Strategy—Three Key Components You Must Have in Place
Categories:
  • Security (229)
  • Tips & Advice (122)
  • Best Practices (94)
  • Managed Services (86)
  • Backup & Disaster Recovery (82)
  • Business Growth (75)
  • The Head Nerds (74)
  • IT Support (41)
  • Business (39)
  • Cybersecurity (37)
  • Automation (36)
  • Operations (33)
  • Mail (33)
  • Remote Management (27)
  • ITSM (25)
  • Cloud Computing (21)
  • Networking (21)
  • Data (21)
  • Marketing (14)
  • Product (11)
  • PSA (10)
  • Mobile (4)
  • Risk Intelligence (4)
  • Service Desk (4)
  • Services & Support (4)
  • Internet of Things (3)
  • Customer Service (3)
  • Research & Trends (2)
  • Training (2)
  • GDPR (2)
  • Business Risk (1)
  • LOGICcards (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.