Does Your Business Have A Password Management Strategy?
Your employees are both your company’s greatest asset and its most glaring point of weakness, especially where information security is concerned. The unfortunate reality is that most people have terrible password habits.
Bad password habits typically take one of two forms: Either a person will use an incredibly weak, easy to guess password, or they’ll use the same password across multiple platforms. In the worst cases, a person will have both of those habits, which creates a genuine risk for your firm. We’ll take a closer look at both problems to better understand how and why.
The Weak Password Problem
One of the most common methodologies hackers use to guess a user’s password is simple brute force. They just keep trying the most common passwords to see if one works. They usually don’t have to try very hard because of course, the most common passwords are used by lots of people. These include passwords like:
Bad passwords can also include things like the user’s birthday or some other important date in that person’s life. Anyone with even basic access to information about an individual (access to their Facebook account, for instance) can easily guess these types of passwords, so if your employees are using them, they’re giving hackers an easy inroad into your company’s network. As bad as that is, the second problem is actually much worse.
The Same Password Used Across Multiple Platforms Problem
The average employee at your firm is typically plugged into at least half a dozen password protected subsystems inside your company’s network, and likely more than that. If an employee is using the same password to access all of those systems and that password becomes compromised, then they’ve essentially given the hacker who stole or guessed their credentials the keys to the kingdom and the ability to access every system they can get into for the price of the time it took to guess that one password.
Obviously, if you put those two issues together it’s even worse, but what’s the solution?
The good news is there are two excellent answers to that question, but both require you to spend some time formulating an official password management strategy. The first step in that process is, of course, deciding what minimum standards you want to set for employee passwords, including composition and frequency of changing, and then make sure your employees are abiding by those standards.
That, however, will only get you so far. The twin pillars of a truly effective password strategy include making use of two-factor authentication at every opportunity, which makes a compromised password only one part of what is needed to gain access to your critical systems, and second, use a password management service of some kind.
There are a number of robust, high-quality password managers available today, but they all provide a level of protection that is beneficial to your business. These services encrypt and store your passwords for you, so you don’t have to remember them. When you log onto one of the sites or services you need, you simply retrieve your stored password from the vault, which enables you to spend more time creating truly robust passwords that would otherwise be difficult to recall.
If you don’t yet have a clearly defined password management strategy that incorporates both of the above, we can help. Give our office a call and talk with one of our knowledgeable subject matter experts and let us help you get firmly on the path to better password security.
Our Credentials and IT Services:
- Award Winning (MSP Mentor) Managed Services Provider
- Microsoft Silver Certified Partner & Small Business Specialist
- Managed IT Security Services Bundled into Support Plans
- Your Local and Reliable New Jersey IT Consultants