Cybersecurity Tip #8: Observe Password Best Practices
#CyberSecurityTip: Keep up-to-date with password best practices to strengthen your cybersecurity, including using a password manager and employing passphrases.
For many years, the rhetoric on password security has revolved around the importance of special characters and frequent password changes. However, we are now learning these practices do little to strengthen passwords and keep hackers out—instead, they simply increase the difficulty of password memorization for users. Managed services providers (MSPs) have a duty to follow password best practices, so they can protect their customers’ sensitive data as well as their own.
What are current password best practices?
The standard password best practice has been to use strong passwords to secure your sensitive data. But instead of using seemingly complicated passwords that are hard for users to remember, the newest best practice focuses on using passphrases. Passphrases are long phrases that include spaces and are easy to remember, but very difficult to hack.
The National Institute of Standards and Technology (NIST) has stated that in order to maximize security, users should be able to create passwords that are at least 64 characters long. MSPs should encourage their customers to switch to passphrases and drop policies that require frequent password changes or special characters in passwords. They should also encourage them to employ multifactor authentication to serve as an added barrier against hackers.
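The contrast between older complexity rules and the passphrase approach described above, as an added example that is not part of the original article. The policy names, the 8-16 character legacy range and the 15-character passphrase minimum are assumptions; only the 64-character figure comes from the text.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    min_len: int
    max_len: int
    allow_spaces: bool
    require_classes: bool  # upper + lower + digit + special all mandatory


# Both policies are illustrative. Only the 64-character figure comes from
# the article; the other limits are assumptions.
LEGACY = Policy("legacy", 8, 16, allow_spaces=False, require_classes=True)
PASSPHRASE = Policy("passphrase", 15, 64, allow_spaces=True, require_classes=False)

CLASSES = {"uppercase": r"[A-Z]", "lowercase": r"[a-z]",
           "digit": r"[0-9]", "special": r"[^A-Za-z0-9 ]"}


def check(password: str, policy: Policy) -> list[str]:
    """Return the reasons `policy` rejects `password` (empty list = accepted)."""
    reasons = []
    if len(password) < policy.min_len:
        reasons.append(f"shorter than {policy.min_len}")
    if len(password) > policy.max_len:
        reasons.append(f"longer than {policy.max_len}")
    if " " in password and not policy.allow_spaces:
        reasons.append("contains spaces")
    if policy.require_classes:
        reasons += [f"missing {name}" for name, rx in CLASSES.items()
                    if not re.search(rx, password)]
    return reasons


# Constructed sample inputs.
SAMPLES = ["P@ssw0rd1", "quiet lantern drifts past nine harbors"]

if __name__ == "__main__":
    for pw in SAMPLES:
        for policy in (LEGACY, PASSPHRASE):
            verdict = check(pw, policy) or ["accepted"]
            print(f"{policy.name:<10} {pw!r}: {', '.join(verdict)}")
```

The legacy rules accept the short, predictable substitution password and reject the 38-character passphrase on five counts, while the length-based rules do the opposite.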
Another best practice is to utilize different passwords for every user account. But even with easy-to-remember passphrases, it can be hard to come up with and remember all the passwords that would be needed to employ this practice on your own. That’s where a password manager comes in to help MSPs manage secure passwords for all of their accounts.
How do password managers work?
A password manager is a tool that simplifies the job of maintaining secure passwords by storing and applying all of your passwords for you. Instead of needing to remember dozens of complex passwords, using a password manager only requires you to remember one master password (preferably a lengthy passphrase) for the password manager itself. This will then give you access to all of the encrypted passwords stored within it.
The best password managers will provide a way for an MSP to incorporate self-service password reset, which allows end users to easily reset forgotten passwords themselves. This means less downtime, thus avoiding both frustration and losses in productivity. Not only does this service make everyone’s lives easier, the ability to easily reset passwords increases security by reducing the likelihood that an end user will write down or store their passwords.
How can you help your customers?
As an MSP, you need to make sure your customers’ systems support password best practices—NIST’s Digital Identity Guidelines is a good starting point for establishing what best practice looks like for your customers. You should also look at implementing a password manager, so the passwords you have access to are as secure as possible.
In addition, you should ensure that both you and your customers are employing access control, auditing, and automation as part of their password management best practices. With access control, you can control who has access to passwords and what they can do with them, keeping access to the most vital password information strictly limited.
Auditing is a process that involves checking that everything in the system is working as it should be. Audits will allow you to see who has accessed stored passwords, check that the stored passwords match what is being used in your services and systems, inform the correct people when something in the system goes against password management processes, and check that the stored passwords meet compliance and complexity rules.
Finally, with automation, you can automatically change passwords across your network as needed—for example, if an employee who had access to important passwords leaves the company. This process is critical to maintaining security, given that a data breach could be devastating for the small- or medium-sized businesses you work with.
Password security is critical to protecting both yourself and your customers. Make sure that you are current on best practices—and that you are using a password manager to stay protected.