Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • SolarWinds N-central Automate what you need. Tackle complex networks. Try this remote monitoring and management solution built to help maximize efficiency and scale.
    • SolarWinds RMM Start fast. Grow at your own pace. Try this powerful but simple remote monitoring and management solution.
    • SolarWinds EDR Defend against ransomware, zero-day attacks, and evolving online threats with Endpoint Detection and Response
    • SolarWinds Backup Manage data protection for servers, workstations applications, documents and Microsoft 365 from one SaaS dashboard.
    • Mail Protection & Archiving Protect users from email threats and downtime.
    • Password Management Easily adopt and demonstrate best practice password and documentation management workflows.
      • Passportal Demo
    • PSA & Ticketing Manage ticketing, reporting, and billing to increase helpdesk efficiency.
    • Remote Support Help support customers and their devices with remote support tools designed to be fast and powerful.
  • Solutions

    I'm looking for...

    • Security Solutions
    • Monitoring Solutions
    • Efficiency Solutions
  • Resources
    • Blog
    • Webcasts & Events
    • Ask the N-central Experts
    • Daily Live Demos
    • RMM Foundations Training
    • Upcoming Events
    • Upcoming Webcasts
    • Resource Center
    • COVID-19 Resources
    • Resource Library
      • Case Studies
      • Product Information
      • eBooks
      • White Papers
      • Infographics
    • SolarWinds MSP Free Tools
    • GDPR Resource Center
    • Security Resource Center
    • MSP Institute Webinar Series
    • MSP Advice Project
  • About
    • Contact
    • Customer Success
    • Worldwide sales and support
    • Careers
    • Awards and Recognition
    • Get A Quote
    • Newsroom
      • Press Releases
      • In The News
      • Media Contacts
      • COVID-19 Response
    • Leadership Team
    • Legal
      • Cookie Policy
      • Privacy Notice
      • Software Services Agreement
      • Terms of Use
      • Backup Fair Use Policy
    • Security
      • SolarWinds Security Statement
      • Vendor Data Protection Requirements
    • Support
  • IT Departments
  • Contact Sales
    • Get A Quote
    • General Inquiry
  • TRY NOW
    • SolarWinds RMM
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Passportal
    • SolarWinds N-central
    • SolarWinds Mail Assure
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Security How to Build Password Policies for Your Customers
Security

How to Build Password Policies for Your Customers

By Eric Anthony
26 April, 2019

Building your customer password policy can be tricky because it needs to balance security and convenience. Too much convenience, and you lose security. Too strict, and no one will use it.  

As a managed service provider (MSP), how do you create password policies that work for everyone? First, let’s look at some key elements that go into creating a comprehensive policy.

1/ Password complexity

passwords3_blog.jpgThere are several aspects you need to think about when looking at password complexity; here are some common factors to consider:

  • Character sets—A good rule of thumb is passwords should contain at least three of the four types of characters: upper case, lower case, numbers, and symbols.
  • Password length—Passwords should be a minimum of eight characters long but preferably closer to 15. You can use passphrases to make long passwords easier to remember.
  • Forbidden words—Passwords should never contain parts of the username/login, name of the service, or personal information, like date of birth or ID numbers. Also, never use the same password across different devices, such as the same password on routers and server access. And the big one for all users: Always create unique passwords; never use the same one as you have for applications like Facebook or LinkedIn, for example.

2/ Password changes

What happens when it’s time to change passwords? You need to carefully consider how often those changes need to be made. Here are some things to think about:

  • Password history—Do not reuse old passwords. Do not create “new” passwords by simply changing one character. 
  • Forced password resets—Traditional password reset models dictated passwords should be changed at least every 180 days, ideally every 90 days. However, advice and guidance on this is starting to change, as this article from the SANS institute explains. 

Passwords1_blog.jpgEach of the elements above offers something different in creating secure passwords. Complexity creates passwords that are harder to brute force attack or guess. Not using the same password across different logins helps protect all your accounts in the event one is breached. Forced password resets help protect against undiscovered breaches—by changing your passwords periodically, you increase your chances of having a different password when a malicious actor gets around to using one extracted from a breach. Also remember, as a company’s MSP, it is your responsibility to periodically change administrative passwords for devices and services.

The role of two-factor authentication

In addition, users need to utilize two-factor authentication (2FA) everywhere it is available—it is not available everywhere yet, but it is becoming much more prevalent—and most popular online services allow it as an option. It works by combining something you know and something you have (usually your phone) to create a more secure login. At the time of writing, it is probably one of the best available combinations of high security and ease of use.

Communicating your password policy

For MSPs, the most important part of a password policy is how it is communicated to customers. Firstly, it must be written down and readily available for reference when setting up new accounts. Some MSPs even go to the extent of adding their password policy to their contracts, so if the policy is not followed, the work to remediate any issue related to password breaches becomes billable. 

Mitigating human error

Since human behavior and error are responsible for a substantial portion of breaches today—the Ponemon Institute Cost of Data Breach Study 2018 found that 27% of data breaches were caused by human error—it is highly important to educate end users on the importance of secure passwords. You can only enforce policy so much, most of the time you must rely on users making good judgement when creating and maintaining passwords.  

To help this process along, many MSPs hold periodic training for their customers in order to reinforce proper security guidelines and educate on new threats. These training sessions can count as billable time or, for a fully managed plan, can be included as part of their monthly fee. The overall benefits to the MSP are less security issues and a closer relationship, not only with the customer’s main contact, but with their end users as well.

Security is of paramount importance today, and passwords are the gateway to much of the information and services that represent prime targets for malicious activity. Enforcing a solid password policy and educating your customers on proper passwords are two key pieces of the security puzzle—and very often, the hardest to put into place. Using the right balance of security and usability will help you create the right password policy for your customers.

 

Additional reading

  • Password Security: Central to GDPR Readiness
  • Enterprise Password Management Best Practices
  • Forgotten Passwords: The Bane of the Admin's Existence
  • Password management - A quick best practice guide

 

Eric Anthony is principal of customer experience at SolarWinds MSP. Before joining SolarWinds, Eric ran his own managed service provider business for over six years.

You can follow Eric on Twitter@EricAnthonyMSP

 

Want more tips on growing your MSP business? Click here to read more of our blogs.

 

The SolarWinds and SolarWinds MSP trademarks, service marks, and logos are the exclusive property of SolarWinds MSP UK Ltd. or its affiliates.  All other trademarks are the property of their respective owners. 

You might also like...
Automation

What the Head Nerds Were Up to in 2020

Security

January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be

Security

December 2020 Patch Tuesday—A quiet(er) finish to a busy year in vulnerabilities

Security

Documentation Management API and Why It’s Important for the MSP Business

Security

What Is FIPS-140-2 Standard and When Is It Required?

Security

Malware-as-a-Service: A Crucial Reason Why Security Has Grown More Complex

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • What the Head Nerds Were Up to in 2020
  • RMM and PSA Tools: How to Make the Most of Both
  • How to Empower an IT Help Desk Team for Success
  • Six Tips That Will Make Managing Your MSP Company Easier
  • January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be
Categories:
  • Security (230)
  • Tips & Advice (122)
  • Best Practices (94)
  • Managed Services (86)
  • Backup & Disaster Recovery (83)
  • The Head Nerds (75)
  • Business Growth (75)
  • IT Support (42)
  • Business (39)
  • Automation (37)
  • Cybersecurity (37)
  • Operations (34)
  • Mail (33)
  • Remote Management (28)
  • ITSM (25)
  • Cloud Computing (21)
  • Networking (21)
  • Data (21)
  • Marketing (14)
  • Product (11)
  • PSA (11)
  • Service Desk (5)
  • Services & Support (5)
  • Mobile (4)
  • Risk Intelligence (4)
  • Internet of Things (3)
  • Customer Service (3)
  • Research & Trends (2)
  • Training (2)
  • GDPR (2)
  • Business Risk (1)
  • LOGICcards (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.