Boston IT Support Provider on Best Practices for Company Password Policies

Press Services
Tuesday, May 30, 2023 at 11:00am UTC

5 Company Password Policy Best Practices Explained By IT Support Provider in Boston

Boston, United States - May 30, 2023 / New England Network Solutions - Boston Managed IT Services /


Bad password management habits often form the weakest link in a company’s cyber security strategy. More specifically, employee password reuse is a significant challenge and can lead to a severe breach of corporate systems. According to a recent survey by Google, 65% of people admit to re-using passwords at work and in their personal life. All it takes is for one website or service provider to suffer a breach of its customer database, and your employee’s re-used password can end up in the wild.

Businesses of all sizes should address the password re-use problem by educating employees on password management best practices while implementing technologies that take their use of identity and access management (IAM) to another level.

This blog explores the five most crucial password policy best practices for organizations.

The 5 Most Important Password Policy Best Practices for Organizations, Explained by an IT Support Provider in Boston

1. Password Length and Complexity

Businesses should take a proactive stance on educating employees on the best practices around password management. Let’s start with the basics.

Passwords should be, at the very minimum, eight characters in length. The password should use a combination of ASCII characters: uppercase, lowercase, numbers, and symbols. Ideally, employees should use a random password generator, which is often a handy feature of a password manager tool. More on that in a moment.

Employees should avoid using common words and combinations found in “password dictionaries,” such as 123456, password, qwerty, passw0rd and so on. Adjacent keyboard strings should also be avoided, such as qwerty7894.
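The rules in this section expressed as a checker, as an added example that is not part of the original article. The denylist holds only the four strings quoted above, and the US QWERTY rows and the four-key run threshold are assumptions.

```python
import string

# Denylist entries quoted in the article; a real deployment loads a far larger list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "passw0rd"}
# Assumption: US QWERTY layout; other layouts need their own rows.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(KEYBOARD_ROWS) for c, ch in enumerate(row)}
MIN_LENGTH = 8  # the article's stated minimum
MAX_RUN = 4     # hypothetical threshold: flag 4+ adjacent keys in one direction
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def longest_keyboard_run(password: str) -> int:
    """Longest substring that walks one keyboard row in a single direction."""
    pw = password.lower()
    best = run = 1 if pw else 0
    last_step = 0
    for prev, cur in zip(pw, pw[1:]):
        a, b = POS.get(prev), POS.get(cur)
        # step is +1/-1 only when both keys sit side by side on the same row
        step = b[1] - a[1] if a and b and a[0] == b[0] else 0
        if step in (1, -1):
            run = run + 1 if step == last_step else 2
        else:
            run = 1
        last_step = step
        best = max(best, run)
    return best


def check_password(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"missing {name}")
    if password.lower() in COMMON_PASSWORDS:  # exact match only
        problems.append("common password")
    if longest_keyboard_run(password) >= MAX_RUN:
        problems.append("keyboard sequence")
    return problems
```
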

2. Don’t Re-use Passwords

Perhaps the most significant challenge in password management is the re-use of passwords. A typical employee today may have dozens or even hundreds of websites, accounts, and software tools that they need to manage across their personal and business life. Therefore, it is understandable how people fall into the bad habit of re-using passwords. But it really should be avoided at all costs.

Organizations that take cyber security seriously should invest in software tools and training to help employees understand the dangers of bad password habits and what to do about them. At NENS, we deliver cyber security awareness programming to clients and their staff to help these organizations develop a security culture.

3. Use a Password Manager

The best way to break the habit of password reuse is to use a password manager. A password manager is a software tool that allows your employee to store unlimited strong passwords in a highly encrypted password vault, accessible with a single master password. LastPass and Dashlane are two popular and highly regarded password managers. These tools come standard with a host of different features which make proper password management habits a snap.

According to a Boston IT support provider, password managers offer the convenient feature of generating robust and unique passwords for each website, service, or software tool. This feature allows employees to update their passwords across multiple sites and services easily. This approach eliminates the issue of password reuse, as employees only need to remember their master password to access their password vault.

Password managers also feature a browser extension that auto-fills passwords into websites and SaaS applications as employees do their work throughout the day. All the user needs to do is log in once at the beginning of their browsing session, and then all of the required passwords get auto-filled from the password vault. Password managers help with both halves of an employee’s life, whether work or personal. Once an employee gets the hang of using a password manager, there is usually no going back.

4. Leverage Multi-Factor Authentication (MFA)

Whether or not employees adopt a password manager, another critical step for companies is implementing multi-factor authentication across all corporate systems and software tools. An MFA solution combines something the user knows, such as their password, with something they have, such as a smartphone with an authenticator application that generates a random one-time password.

Implementing MFA can pay huge dividends for organizations. Microsoft says over 99.9% of account compromise attacks are stopped by using MFA.

With MFA, even if a cybercriminal compromises a user’s password, the attempt to authenticate and breach the account will fail because the attacker does not have the user’s smartphone. At NENS, we standardize on MFA powered by Cisco Duo, an industry-leading and easy-to-use MFA solution.

MFA can be used in concert with password managers, as well. First, password managers can leverage a second authentication factor just to unlock the user’s password vault. And secondly, if your organization implements MFA for all corporate systems, the main passwords for work systems can be randomly generated and stored in the password manager.

5. Implement Single Sign-on (SSO)

Single sign-on solutions are another way for organizations to tame the password beast. An enterprise SSO solution delivers many of the same benefits to users as a password manager, but it is organized and managed at the corporate level. An enterprise SSO solution allows users to log in once with their primary corporate credentials and then be dynamically logged into all other corporate applications throughout the workday. The solution will often present all of the user's corporate apps on a single, web-based dashboard. As with a password manager, security is improved because each discrete app or tool has its own unique password, while the employee's life is simplified since they only need to log in once to access all of their applications.

NENS is here to assist both new and existing clients in enhancing their organization's password best practices. We value your inquiries and are committed to helping you evolve and improve your implementation. As a trusted IT support provider in Boston, we offer valuable insights and guidance. Contact us today for more information on how we can support your organization.

Contact Information:

New England Network Solutions - Boston Managed IT Services

399 Boylston St 6th Floor
Boston, MA 02116
United States

Jackie Feathers
(855) 918-2126
https://www.nens.com/

Original Source: https://www.nens.com/company-password-best-practices/