
Forgotten Passwords: The Bane of the Admin's Existence

By Dan Toth
5 October, 2017

The company I work for evaluates residents for enrollment in government-run healthcare programs. In order to do their job, our employees must have credentials for our local domain, applications housed at corporate headquarters, and various legacy systems run by the state. Each employee has more than half a dozen sets of credentials to keep track of. Consequently, the following dialog is seen frequently:

End User: I changed my password and now I’m locked out.

Admin: Which password?

End User: My computer password.

Admin: WHICH computer password? Would this be your Windows®, Outlook®, AppA, AppB, AppC, or your AppD password?

End User: They’re all the same.

Admin: That can’t be since they’re all different credentials that expire at different times and have different requirements. For instance, Windows and Outlook require you to include special characters, but AppC and AppE don’t understand special characters. Windows, Outlook, and AppA require that you choose a new password every 60 days, AppB and AppC every 90 days, and AppD doesn’t let you change your password at all.

End User: Oh, if I did a Control-Alt-Delete and picked “change a password,” which one did I change?

Admin: That would be your Windows password.

End User: Well I tried that password three times for AppA, and now I’m locked out.

Admin: I can reset that for you.

End User: How about AppB?

Admin: You’ll need to call the corporate help desk.

End User: How about AppC?

Admin: You’ll need to call the state help desk.

Conflicting Requirements for Passwords

Yeah, it can get ugly: different systems, some old, some new, some run by different organizations. Some are built around password requirements from 1993, while others use password requirements from 2003. Oddly, it turns out that one set of practices isn’t much better than the other. In the early 2000s, the National Institute of Standards and Technology (NIST) guideline told us to adopt practices such as making our passwords nonsensical and complicated; using letters (upper- and lower-case), numbers, and special characters ([email protected]#$%^&*()_); changing our passwords regularly; and using different passwords for each app and website.

Unfortunately, while those guidelines make some technical sense, they caused all kinds of security problems due to human behavior. That’s a big problem since human behavior is the weakest link in the security chain already. People can’t keep track of all that complexity, so what do they do? They use the same password on as many systems as possible. When they have to change it every 30 days, they just use the name or number of the current month in the password. When they have to include a special character, they put an “!” at the end. And worst of all, passwords get written down and stored in the top right drawer or under the keyboard of almost every desk. Yet even with all that, Admins still spend a large portion of each day helping locked-out users get back in.

NIST to the Rescue

Thankfully, NIST is in the process of making our lives easier with this year’s Special Publication 800-63B Digital Identity Guidelines. This includes recently revised guidelines for creating passwords, and this new advice rejects many of the principles behind its 2003 recommendations. The new guidelines run along the lines of keeping passwords simple, long, and memorable. Things such as sequential characters and repeated characters are still discouraged, as are overused passwords (your name, [email protected], etc.). But using phrases that make sense to you is encouraged. And passwords never need to expire.

Now, while NIST no longer recommends special characters and numbers, I’m still a fan of using common-sense complexity in passphrases. Something like “Meet for dinner @ 7 P.M.” makes sense, is easy to remember, and has complexity. If a particular authentication system doesn’t understand blank spaces, then the passphrase can be “[email protected]”. Following this advice benefits you in two ways: it makes your passwords easier to remember, and it strengthens them.
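As an added illustration (not code from the original post or from NIST), the acceptance rules described above can be written as a short Python check. The 8-character minimum is the SP 800-63B floor for user-chosen passwords; the run threshold, the sample blocklist, and the function names are assumptions made for this example.

```python
import unicodedata

MIN_LENGTH = 8   # SP 800-63B minimum for user-chosen passwords
MAX_RUN = 3      # assumption: longest repeated/sequential run tolerated
# Constructed sample blocklist; a real deployment loads a large list of
# commonly used and breached passwords.
BLOCKLIST = {"password", "password1", "qwertyuiop", "letmein123"}


def longest_run(text):
    """Length of the longest repeated ('aaaa') or sequential ('1234', 'dcba') run."""
    best = 1
    for step in (0, 1, -1):          # same char, ascending, descending
        run = 1
        for prev, cur in zip(text, text[1:]):
            run = run + 1 if ord(cur) - ord(prev) == step else 1
            best = max(best, run)
    return best


def check_password(candidate, username=""):
    """Return a list of reasons to reject; an empty list means accepted."""
    pw = unicodedata.normalize("NFKC", candidate)
    folded = pw.casefold()
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if folded in BLOCKLIST:
        problems.append("commonly used password")
    if username and username.casefold() in folded:
        problems.append("contains the user name")
    if longest_run(folded) > MAX_RUN:
        problems.append("long repeated or sequential run")
    # Deliberately absent: composition rules (special characters, digits,
    # mixed case) and any expiry date. Spaces are accepted as-is.
    return problems


if __name__ == "__main__":
    for sample in ("Meet for dinner @ 7 P.M.", "password1", "aaaa1234"):
        print(repr(sample), check_password(sample) or "accepted")
```

The passphrase from the paragraph above is accepted with its spaces intact, while short, blocklisted, or patterned choices are rejected with a reason the help desk can relay to the user.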

So join me in bringing about a better password future and in hoping that the new NIST guidelines are adopted quickly in our industry.

 

Dan Toth is an information systems specialist with a proven background in the development and management of systems, projects, and personnel. Dan’s particular areas of strength include Network Management, Healthcare-Related Computer Systems, Technical Training, and Information and Physical Security.

 
