Despite the existence of smart cards, biometric fingerprint readers and iris scanners, authentication to the IT systems typically managed by MSPs is still handled in the same, old-fashioned way: passwords.
Think, for a moment, of just one typical SME client, and how many passwords may be involved in their network infrastructure. Let’s start with server and domain admin passwords, passwords for various software management consoles, login details for a host of Web portals, router logins and BIOS passwords.
All of those, and we haven’t even got onto user passwords, which can include network logins, database passwords and even the four-digit PINs needed to unlock smartphones.
How honestly can you say that you have all of these passwords under control for your entire client base?
Computer users often seem to object to standard best practice when it comes to password security. Although everyone knows that passwords should be complex, frequently changed and not written on Post-It notes on users’ keyboards, many people refuse to comply with guidance.
Most MSPs will have come across plenty of CEOs who insist that everyone has the same passwords and staff who persist in writing theirs on a notepad. Sadly, this doesn’t mean that these people won’t still blame you in the event of a security breach.
While enforcing client password security may seem like a constant losing battle, ensuring you always follow these guidelines should help:
Unfortunately, password concerns for MSPs don’t end with user passwords. MSPs also have to think about the myriad of system passwords across their whole client base.
These guidelines should help in the management of this large collection of passwords:
Passwords are often the last line of defense in IT security. Clients won’t hesitate to point the finger if a security breach occurs. It is therefore essential that you do everything possible to enforce password security and ensure every member of your team takes it seriously.