Password policies are no laughing matter. As websites continue to be breached each year, often by increasingly sophisticated hackers, it is more important than ever that administrators create and enforce strong password policies in their organization. Additionally, users must be educated on what constitutes a strong password, so they can be part of the solution rather than adding to the potential problem. User-driven passwords are the first line of defense against scammers and hackers, meaning that strong password policies must be enforced across an entire company (and not just among the highest-level admin users) if you want to keep confidential user information and proprietary organizational data truly secure.
Certainly, multi-factor authentication and technologies such as one-time passwords, client certificates, smart cards and biometrics can be added to your systems to significantly enhance security, but the fact remains that traditional passwords are frequently still the primary method of user authentication. Therefore, when administrators set out to create a password policy, they should focus on a few key initiatives:
- Clearly define for all users what a strong password is, and then provide the necessary training and support to ensure compliance across the board.
- Enforce the use of strong passwords across your network.
- Educate users on how to manage their strong passwords.
There’s no doubt about it: the strongest passwords are totally random, making them difficult to guess, but often the issue with truly robust passwords is that users have difficulty remembering them. Password management software is a great tool that requires minimal upfront investment (and is certainly cheaper than the cost associated with a breach), and can help take the hassle out of creating and managing strong passwords. With this technology, users only need to remember a single strong password, which then gives them access to each of their unique passwords.
A good password policy should be effective without being complicated. This means you can have peace of mind without annoying your employees and creating unnecessary user frustration. ATB has extensive experience writing and consulting on password policies with your specific organizational needs in mind. For more information on how ATB can help ensure your company is protected, contact us today!