Passportal Blog

Help Your Customers Meet Password Compliance Requirements

Now more than ever, businesses need to make sure their password settings are effective and compliant—MSPs can help with that.


For many businesses, the ever-growing privacy concerns of our digital age seem overwhelming. The topic of cybersecurity seems to come up in headlines daily, and major cybersecurity breaches show even the largest corporations and government institutions can fall victim to password compromise and malicious threats. For business owners, security concerns have never been higher—but managed services providers (MSPs) are well-positioned to help address these concerns.

The benefits of compliance-as-a-service

According to a 2019 report from IBM, the average cost of a data breach in the United States is $8.19 million, with 25,575 records compromised. Among global businesses surveyed, the United States had the costliest data breaches. The IBM study shows the harsh reality of password noncompliance—and it gives an explanation for why password compliance is such a priority for businesses today. Not only can a data breach erode customer trust, but it can financially drain a business to the point of no return.

Business owners know password compliance shouldn’t be a back-burner concern, but many administrators don’t have the technical expertise to implement a robust password compliance system. That’s where MSPs come in. With Compliance-as-a-Service (CaaS), MSPs can help remove the difficulties of password compliance from business administrators and put password compliance into the hands of experts—it’s a relationship that benefits both parties.

Common issues with password compliance

For nearly any industry with password compliance standards, there’s a central governing body that sets specific security guidelines for business compliance. For example, in the medical industry, the Health Insurance Portability and Accountability Act (HIPAA) requires a periodic compliance check. If healthcare providers fail to keep up with these regular checks, they will lose their accreditation. But for providers who are busy focusing on the health of their customers, staying on top of compliance checks and ever-changing regulations is no small feat.

According to a recent compliance report on the Payment Card Industry Data Security Standard (PCI DSS), only 20% of businesses with access to customer credit card data met password security compliance standards. Although password security compliance is more successful each year, this statistic should be alarming to anyone who owns a business—large or small. It’s entirely possible business owners have noncompliant password protocols and are putting their customers at risk without even knowing it.

Although it may seem like businesses are currently facing a major challenge with passwords, there is some good news for MSPs and business owners alike. Businesses with password compliance issues are often missing out on just a handful of simple fixes that can be diagnosed, corrected, and updated with CaaS from MSPs.

Password compliance issues plague small, medium, and large businesses alike. Some of the most common challenges include:

  • Weak passwords. When users create passwords, they all-too-often base their passwords on the name of the business, on a simple series of numbers, or even around the word “password.” Encourage your clients to create passwords or passphrases that will be difficult to guess.
  • Single-factor authentication. Businesses need another line of defense against an intrusion when password data is compromised. Multiple factors of authentication help optimize security. Businesses should augment a single factor, like a password, with other factors—like a one-time code texted to a user’s smartphone, or fingerprint detection.
  • Lack of compliance knowledge. Most importantly, businesses should make all employees aware of password compliance regulations specific to their industry and inform them about why it’s important to maintain strong and unique passwords.
  • Providing all employees with the same access. When dealing with sensitive data, businesses should make the effort to ensure information is only accessible on a need-to-know basis. Implementing a tool that allows for granular access control will help you reduce the risk of a data breach by only providing specific users with visibility into all areas of the business.

Find password complexity requirements in Active Directory

For MSPs, password configurations can be easily accessed using Windows Active Directory (AD). To adjust password complexity requirements, access the Policies tab of the Computer Configuration console. You can find the Password Policy editor under the Account Policies tab in your security settings.

You can access group password settings through the Group Policy Management console, where you can adjust your Group Policy Objects (GPOs). Your password settings will be listed as a GPO in the GPO interface. If you haven’t renamed your password GPO, it’ll be listed as “Default Domain Policy.” Only central administrators with access to data modification in AD can edit your password GPO settings.

How to change password complexity in Active Directory

Once you’ve accessed your password modification parameters, you can easily edit and save password policies in AD. To address common password compliance issues, you can set complexity requirements, determine the lifespan of a password before it must be changed, and define security settings for different groups. Rather than focusing purely on password complexity requirements, encourage users to create strong and unique passwords that are easy to remember and eliminate the need for constant password changes.
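The same settings can be reviewed read-only from PowerShell. The script below is an added example, not Passportal or SolarWinds code: it uses the ActiveDirectory module to read the domain-wide password policy and any fine-grained password policies (the AD mechanism for per-group settings). The baseline values and the Test-PasswordPolicy helper are assumptions for illustration.

```powershell
# Added example: read-only audit of AD password policy settings.
# Requires the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

# Assumed baseline for illustration only; replace with the values your
# client's compliance framework actually requires.
$Baseline = @{ MinLength = 12; HistoryCount = 10 }

function Test-PasswordPolicy {
    # Hypothetical helper: compares one policy object against $Baseline.
    param(
        [Parameter(Mandatory)] $Policy,
        [Parameter(Mandatory)] [string] $Label
    )
    $findings = @()
    if (-not $Policy.ComplexityEnabled) {
        $findings += 'complexity requirements disabled'
    }
    if ($Policy.ReversibleEncryptionEnabled) {
        $findings += 'reversible encryption enabled'
    }
    if ($Policy.MinPasswordLength -lt $Baseline.MinLength) {
        $findings += "minimum length $($Policy.MinPasswordLength) below $($Baseline.MinLength)"
    }
    if ($Policy.PasswordHistoryCount -lt $Baseline.HistoryCount) {
        $findings += "history count $($Policy.PasswordHistoryCount) below $($Baseline.HistoryCount)"
    }
    if ($Policy.LockoutThreshold -eq 0) {
        $findings += 'account lockout disabled'
    }
    [pscustomobject]@{
        Policy     = $Label
        MinLength  = $Policy.MinPasswordLength
        MaxAgeDays = $Policy.MaxPasswordAge.Days   # reported, not judged
        Findings   = if ($findings) { $findings -join '; ' } else { 'none' }
    }
}

# Domain-wide settings (what the Default Domain Policy GPO configures).
$results = @(Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy) -Label 'Default domain policy')

# Fine-grained policies override the domain policy for the users and
# groups they apply to; lower precedence numbers win.
$results += @(Get-ADFineGrainedPasswordPolicy -Filter * |
    Sort-Object Precedence |
    ForEach-Object {
        Test-PasswordPolicy -Policy $_ -Label "FGPP: $($_.Name) (precedence $($_.Precedence))"
    })

$results | Format-Table -AutoSize -Wrap
```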

For MSPs, password security and compliance is a major area of potential revenue: nearly all businesses struggle with it, which opens up a new arena of product sales opportunities. Any MSP can attest that customers are in a perpetual state of unease regarding the security of their password system. By providing CaaS, MSPs can help customers meet password requirements for compliance and lessen their security concerns.


SolarWinds® adds Passportal suite to its MSP product portfolio. MSP security, simplified. SolarWinds® Passportal + Documentation Manager is a SOC 2 certified, RAPID 7 tested, award winning platform.


Grow your business faster with the world's first unified platform for true password management and secure IT documentation. More than 2,000 best-in-class MSPs around the world are leveraging our security, automation, and rapid access client knowledge to outperform the competition.
