Passwords are a fact of life in today’s tech-driven world. Just as your house key gives you entry into your living space, passwords allow you to gain entry to the parts of your life you live online. But although you have just one house key, you probably have many, many more passwords than that – and they won’t fit on a keyring! It’s estimated that the average user must keep track of anywhere between 85 and 200 passwords.
Passwords are the key to your technological kingdom, and each of your employees has their very own set of keys. You must protect your business data by helping your employees to manage the passwords they use to access your systems.
Best Password Practices
Password management can be a daunting task if you don’t have guidelines in place. Your employees likely have numerous passwords to access your systems in addition to their own personal accounts. It can get confusing. Set some ground rules around password use in your business:
Encourage Passphrases
Passwords can be easy to crack (if you use a common one) or hard to remember (if you have a random string of letters, numbers, and special characters). Passphrases, however, use real words in a nonsensical manner, which makes them easier to remember but harder to crack.
Don’t Recycle
Recycling bottles and cans is good for the environment, but recycling passwords is not good for your business. Studies have shown that nearly 75% of users recycle passwords and nearly 70% tweak passwords they have used before. Encourage employees to use different passwords/passphrases for each system they need to access in your business.
Blacklist Common Passwords
Common passwords like “qwerty” and, yes, “password” are just begging to be cracked. Provide your staff with a blacklist of commonly used passwords. In addition, caution them against including elements that could be guessed easily, like birthdates, pet names, or favorite sports teams.
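One way to enforce such a blacklist when a password is set, shown as an added example that is not part of the original article. The function names, the four-entry sample blacklist and the personal terms are constructed assumptions; a real deployment would load a much larger list.

```python
import re

# Constructed sample blacklist; a real deployment would load a far larger list.
COMMON_PASSWORDS = {"qwerty", "password", "letmein", "123456"}

# Common look-alike substitutions (0->o, 1->l, 3->e, ...), undone before comparison.
LEET = str.maketrans("013457@$", "oleastas")

BLACKLISTED = "matches a blacklisted common password"
GUESSABLE = "contains an easily guessed personal element"


def variants(candidate: str) -> set[str]:
    """Return the forms of a candidate that are compared against the lists."""
    lowered = candidate.lower()
    # "Password1!" style padding: drop leading/trailing digits and symbols.
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    forms = {lowered, core, lowered.translate(LEET), core.translate(LEET)}
    forms.discard("")
    return forms


def check_password(candidate: str, personal_terms=()) -> list[str]:
    """Return the reasons a candidate should be rejected (empty list = accepted)."""
    forms = variants(candidate)
    problems = []
    if forms & COMMON_PASSWORDS:
        problems.append(BLACKLISTED)
    # Terms shorter than 3 characters would match almost anything, so skip them.
    terms = [t.lower() for t in personal_terms if len(t) >= 3]
    if any(term in form for term in terms for form in forms):
        problems.append(GUESSABLE)
    return problems


if __name__ == "__main__":
    # Constructed personal terms: a pet name, a sports team and a birth year.
    known = ["Rex", "Colts", "1987"]
    for pw in ["P@ssw0rd1!", "Rex2019", "correct horse battery staple"]:
        print(pw, "->", check_password(pw, known) or "accepted")
```

Because the check undoes simple substitutions and padding, a tweak such as “P@ssw0rd1!” is rejected along with the plain blacklisted word.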
Eliminate Password Expiration Policies
Requiring users to change passwords periodically often leads to password recycling. Think about it: a user met with a prompt to set a new password will often use a previously used password in their haste to access their account. In fact, Microsoft has dropped its password expiration policy for its Windows 10 baseline security settings.
Use 2FA
Two-factor authentication can help to make access to your internal systems more secure. By requiring an additional piece of information, you protect business data from unauthorized access should an employee’s login credentials be exposed.
Use a Password Manager
Give your staff a break from having to remember numerous passwords. A password manager is essentially a vault that stores login credentials. Users access their personal vault through a single log-in with a master password. Consider it a secure, high-tech version of the written crib sheet. Plus, password managers can help users to generate secure, complicated passwords that don’t need memorizing.
Simplify and Protect Account Access With a Password Manager
There are numerous password managers available, both for individuals and for businesses. Which one you choose will depend on what makes sense for your situation. For most businesses, a subscription-based password manager allows for multiple users and syncs to multiple devices. Lieberman Technologies uses LastPass, and though there have been security incidents in the past, we still believe it is a secure option.
The Future of Passwords
There is talk in many tech circles that the humble username/password combo will eventually die, replaced by another method of access that is more secure. This password-less future will rely on authentication by other means, such as biometrics or physical security keys in a single-sign-on environment.
The Fast Identity Online (FIDO) Alliance is an industry association formed in 2012 with the goal of eliminating reliance on passwords. Many tech industry leaders are part of this group, including companies like Microsoft, Amazon, Google, and Apple. Rest assured, widespread password-less logins backed by local authentication are coming… eventually. Until then, you’re still going to have to manage your passwords.