
MSP Password Management

By Davey Winder
3 January, 2017

It is safe to say that both end users and passwords can bring insecurity to the enterprise. Unfortunately, even if Anne Robinson was hired as CISO, neither could be dismissed with a wink and a cheery, "you are the weakest link, goodbye!" 

Which isn't to say that mitigating the user credential threatscape has to be difficult; quite the opposite, in fact. Truth be told, a combination of technical common sense and logical policy management can help kick much of the breach risk to the kerb.

Best practices for enterprise password management 

Any enterprise security 101 book would have, written large upon the first page or two, “protect privileged accounts with complex, non-recycled passwords.” That even this tenet of best practice can be overlooked with alarming regularity explains why there are so many data breaches. Enterprise password management is not rocket science; in fact, you can do it in six simple steps.

1. Keep it complex!

When I say complex, what I really mean is random. And long. Personally I insist on a minimum of 16 characters, and if the system allows it—some online services that should know better still have restrictions that are criminally low—25 characters. These need to be a mixture of upper and lower case, alphanumeric, and special characters. Which doesn't mean taking Star Wars Return of the Jedi and turning it into “[email protected]@rs6ReturnoftheJedi!!!” because, while that is a passphrase and it is a whole heck of a lot better than a simple dictionary word, it still ain't random. 

Use a standalone password generator tool, or the function built into a password management console, to create truly random strings based upon your length and character type requirements. Don’t worry too much about users remembering these complex strings: password management solutions exist to take care of that.

2. Change it often, but never reuse it

Last year the Communication Electronics Security Group (CESG), which is part of the UK Government GCHQ signals intelligence outfit, suggested in official guidance that organisations should not regularly change passwords. They reasoned that inconvenience to the user outweighed any perceived security benefit. By suggesting that complex passwords would be replaced by very similar ones so as to be more memorable, CESG grabbed the wrong end of the security stick in my opinion. What it forgot to take into account was that advances in security software mean that password managers make the act of creating, changing, and remembering passwords straightforward. 

Change your passwords on a quarterly basis (so, four times a year) and you will limit the potential damage from a breach that goes unnoticed for a long period of time. An overly draconian password change cycle with mandatory compliance is just as bad as no change cycle at all. It will get in the way of business and encourage users to look for ways to bypass it, weakening your overall security posture. So it's important to get the balance right. It should also go without saying, but sadly doesn't, that the same password should never be reused for more than one login.

3. Factor in another factor

The first rule of password club is never tell anyone your password—obviously. However, the second rule is not to rely upon passwords alone for protection. Password security best practices recognise the value of a layered approach; implement 2FA (two-factor authentication) where possible so that there isn't a single point of failure. By adding a token, be that in hardware or via a code-generating app, you bring something that the user has into the access equation alongside something they know.

4. Centralise IT

Managed services providers and their customers already know about the benefits of centralising IT administration. When it comes to security and password management in particular, it can be more than just cost efficient; centralising the process can improve your security posture as well. Think about it: if you have a bunch of different legacy solutions from different vendors all doing the same things but on different platforms, then you are asking for trouble. Quite apart from just how seamlessly these solutions will really work with each other, the larger your solution’s footprint, the greater the opportunity for vulnerabilities to be exploited. By connecting the silos and reducing the footprint, there are fewer updates to remember and a smaller attack window for the bad guys to get through.

5. Destroy human error

This may sound aggressive, but the underlying message remains: cut out as much opportunity for human error as possible, and let the machines do what machines are best at: automating the password management process. This doesn't mean you can, or should, remove the human gatekeeper altogether, but a solution that is policy-based and dynamic will streamline your security and leave less room for error.

6. Keep your policies fluid

Having just “bigged up” the bots and said that a policy-based system rules (if you'll pardon the pun), it may sound odd to be making the case for not setting your password policy in stone. It shouldn't. After all, since when has set-and-forget been even vaguely on the sensible password management policy scale? Your policy has to be dynamic and change with the times, and that means it should be both event driven and intelligence driven.

Don't be afraid to update it as and when it becomes necessary. Equally, don't be afraid to let everyone know when it has been changed and even when it has not. A policy is pointless, and toothless, if the users don't know about it. So adopt an “education, education, education” mantra. And that means across the board, including the Board. Password policy applies to everyone, and there can be no exceptions—even if you’re the boss.
