[12 DAYS OF PASSWORDS] As we uncover more best practices in password security, one crucial component is often overlooked or ignored: password rotation. For an MSP managing a multitude of passwords for a variety of enterprises, the idea of changing even one password can be daunting. Since password rotation means changing all the passwords on a variety of systems on a regular schedule, where does an MSP start, and when should passwords be renewed?
MSPs should be rotating passwords on all of the following:
- Client System Accounts
- Network Appliances
- Cloud Services and Portals
- Line of Business Applications
- And do not forget about your own technicians
But what about frequency?
MSPs are recommended to change all passwords on these terms:
- Instantly (if a breach occurred; remember not to recycle credentials)
- 3 months minimum (for credentials that give access to sensitive data)
- 6 months maximum (covers all your bases and addresses the problem of existing or former staff knowing privileged credentials)
MSP Quick Tip Takeaway...
- Use the power of automation to help your technicians manage password rotation by leveraging a password management tool. Limiting the lifespan of your clients' passwords and setting auto-expire plus password regeneration on a schedule that works for your MSP will eliminate the guesswork. More control of your credentials means less risk of a breach due to vulnerable, stale, or forgotten passwords.