Establishing a granular password policy is an important part of ensuring solid password hygiene for your MSP business. With the right password management tools, MSPs can also achieve effective granular access control to help protect customer accounts.
A password policy is a standard set of password requirements that applies to all of the users across an organization. To safeguard customer accounts, managed services providers (MSPs) should build password policies that strike a sensible balance between security and convenience. A password policy will usually include complexity requirements, such as a minimum length and the need for special characters, as well as rules around password resets and changes.
Granular access, meanwhile, refers to the limits an organization places on who can reach which parts of its systems. It dictates which users may view a given part of a system and what their permissions let them do there. It matters because it is the practical form of least privilege: each employee can work within the levels of the systems their role needs and nothing more, so a compromised or misused account exposes only that slice. Done well, this raises the organization's security and also helps productivity, because people get the access they need from day one instead of waiting on ad hoc requests.
By applying granular access control at several levels, such as clients, subfolders and individual systems, you can ensure each technician has exactly the permission their role requires while keeping the organization's exposure to a minimum. You should also be able to grant access for a predetermined period, so that temporary needs (an on-call shift, a short project) expire on their own instead of lingering until someone remembers to revoke them.
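The following is an added illustration of the access model just described, not Passportal or SolarWinds code. It assumes a scope path laid out as client/subfolder/system, three assumed action names ("read", "rotate", "admin") where each level implies the ones below it, and a small constructed grant table that mixes standing access with a time-limited grant that lapses on its own.

```python
"""Scoped, time-bounded access checks for technicians.

Added illustration, not Passportal or SolarWinds code. The scope path
layout (client/subfolder/system), the action names and the sample grants
are assumptions chosen to show client-, folder- and system-level
permissions plus temporary access that expires without a revocation step.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed actions; each level implies the ones ranked below it.
RANK = {"read": 0, "rotate": 1, "admin": 2}


@dataclass(frozen=True)
class Grant:
    technician: str
    scope: str                       # "acme" (client), "acme/servers" (subfolder), "acme/servers/db01" (system)
    level: str                       # one of RANK's keys
    expires: datetime | None = None  # None means standing access


def covers(scope: str, resource: str) -> bool:
    """A grant on a scope applies to that node and everything beneath it, never to look-alike siblings."""
    return resource == scope or resource.startswith(scope + "/")


def is_allowed(grants: list[Grant], technician: str, resource: str, action: str,
               now: datetime | None = None) -> bool:
    """Deny by default; allow only through a matching, unexpired grant of sufficient level."""
    now = now or datetime.now(timezone.utc)
    if action not in RANK:
        return False
    for g in grants:
        if g.technician != technician or not covers(g.scope, resource):
            continue
        if g.expires is not None and now >= g.expires:
            continue  # temporary access has lapsed; nobody had to remember to revoke it
        if RANK[g.level] >= RANK[action]:
            return True
    return False


# Constructed sample data: a fixed "now" keeps the expiry behaviour reproducible.
SAMPLE_NOW = datetime(2020, 6, 1, 12, 0, tzinfo=timezone.utc)


def sample_grants() -> list[Grant]:
    return [
        Grant("alice", "acme", "read"),                                  # whole client, standing
        Grant("alice", "acme/servers/db01", "rotate",
              expires=SAMPLE_NOW + timedelta(hours=4)),                  # on-call window for one system
        Grant("bob", "globex/vault", "admin"),                           # one subfolder, standing
    ]


if __name__ == "__main__":
    g = sample_grants()
    print(is_allowed(g, "alice", "acme/workstations/ws17", "read", SAMPLE_NOW))
    print(is_allowed(g, "alice", "acme/servers/db01", "rotate", SAMPLE_NOW + timedelta(hours=5)))
```

Two design points are worth noting. The `covers` check appends a separator before matching, so a grant on the client "acme" does not leak onto a differently named client such as "acmecorp". And expiry is enforced at check time rather than by a clean-up job, so a forgotten temporary grant cannot keep working past its window.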
The importance of a granular password policy
Adding granularity to your password policy lets you align password requirements with the elevated privileges of particular users, so the accounts that can do the most damage are also the hardest to guess or brute-force. To implement a granular password policy, here are two key elements you should be thinking about for your MSP or customer organizations:
1/ Password complexity
For your default password policy, you will likely have settled on a set of minimum complexity requirements such as length, a designated number of special characters, and a rule that the username may not appear in the password. On top of these defaults, elevated users should have more stringent requirements to meet, for example a longer minimum length, a passphrase rather than a single word, or a ban on runs of identical characters. Bear in mind that length and screening against lists of known-breached passwords do more for strength than character-composition rules; NIST SP 800-63B advises against mandatory composition rules and routine forced changes, so tighten length and breached-password checks first and use character rules sparingly.
2/ Settings for account lockouts
Account lockout triggers when a user fails to log in too many times. After the configured number of failures, the account is frozen for a period, which blunts online brute-force and password-spraying attempts. Administrators choose that threshold, and it is sensible to set a lower one for accounts with higher privileges than for standard users. Two caveats apply. A threshold so low that a single typo locks an administrator out mostly generates helpdesk tickets and encourages people to write passwords down. And because anyone who knows a username can trigger a lockout deliberately, lockout is also a denial-of-service lever, so it should be combined with an observation window, rate limiting and MFA rather than relied on by itself.
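The block below is an added illustration of both policy elements above (complexity scaled by tier, and lockout thresholds scaled by tier) and is not Passportal or SolarWinds code. The tier names and numbers, the reading of "consecutive identical characters" as a run of three or more, the use of `string.punctuation` as the special-character set, and the sample passwords are all assumptions made for the example.

```python
"""Tiered password policy and lockout rules scaled by privilege.

Added illustration, not Passportal or SolarWinds code. The tier names,
thresholds, the interpretation of the "consecutive identical characters"
rule as a run of three or more, and the sample inputs are all assumptions.
"""
from __future__ import annotations

import time
from collections import deque
from dataclasses import dataclass
from string import punctuation


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int
    min_special: int               # characters drawn from string.punctuation
    min_words: int = 1             # > 1 turns the rule into a passphrase requirement
    lockout_threshold: int = 5     # failures inside the window before lockout
    lockout_window_s: int = 900    # observation window for counting failures
    lockout_duration_s: int = 900  # how long the account stays frozen


# Assumed tiers: a default policy and a stricter one for elevated users.
TIERS = {
    "standard": PasswordPolicy(min_length=12, min_special=1, lockout_threshold=5),
    "privileged": PasswordPolicy(min_length=20, min_special=2, min_words=4,
                                 lockout_threshold=3, lockout_duration_s=1800),
}


def check_password(password: str, username: str, tier: str) -> list[str]:
    """Return every rule the candidate password breaks for this tier (empty list = accepted)."""
    p = TIERS[tier]
    problems: list[str] = []
    if len(password) < p.min_length:
        problems.append(f"shorter than {p.min_length} characters")
    if sum(c in punctuation for c in password) < p.min_special:
        problems.append(f"fewer than {p.min_special} special characters")
    if len(password.split()) < p.min_words:
        problems.append(f"passphrase needs at least {p.min_words} words")
    if username.lower() in password.lower():
        problems.append("contains the username")
    if any(a == b == c for a, b, c in zip(password, password[1:], password[2:])):
        problems.append("contains a run of three identical characters")
    return problems


class LockoutTracker:
    """Per-account failed-login counter with tier-specific thresholds.

    The clock is injectable so the observation window and the lockout
    expiry can be exercised without sleeping.
    """

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures: dict[str, deque[float]] = {}
        self._locked_until: dict[str, float] = {}

    def is_locked(self, username: str) -> bool:
        return self._clock() < self._locked_until.get(username, 0.0)

    def record_failure(self, username: str, tier: str) -> bool:
        """Record one failed attempt; return True if this attempt locks the account."""
        p = TIERS[tier]
        now = self._clock()
        window = self._failures.setdefault(username, deque())
        window.append(now)
        # Only failures inside the observation window count towards the threshold.
        while window and now - window[0] > p.lockout_window_s:
            window.popleft()
        if len(window) >= p.lockout_threshold:
            self._locked_until[username] = now + p.lockout_duration_s
            window.clear()
            return True
        return False

    def record_success(self, username: str) -> None:
        """A successful login resets the failure count."""
        self._failures.pop(username, None)
```

A login handler would call `is_locked` before verifying the credential at all, then `record_failure` or `record_success` afterwards. The observation window is what stops a slow, deliberate trickle of failures (a typical password-spraying pattern) from accumulating into a lockout days later, while the tier lookup is what makes the same code stricter for the privileged group without a second implementation.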
The importance of granular access control
One of the greatest challenges in IT security is that the landscape is constantly changing. Keeping complete and continuous control, with an accurate overview of access and users across multiple systems, is a demanding task for any organization.
Large organizations may well have thousands of users, and retaining consistency across an array of systems is a time-consuming and highly complex process that is often prone to error. Access rights are constantly changing as users enter, leave, or move within the organization, and there is a complicated mix of IT systems, organizational structures, and users to manage simultaneously.
In 2020, cyberthreats are highly sophisticated and every organization is at risk of external and internal attacks. Compliance demands are also higher than ever, adding pressure to manage access rights effectively and reach a sound security level with the right password management. To handle these requirements, it is usually worth using a password management tool that can implement advanced granular policies for you.
A password management tool that supports both password granularity and user access granularity
The right client password management tool can help your MSP implement a granular password policy that is both robust and effective. SolarWinds® Passportal is a password management tool that doubles as a documentation platform built specifically for MSPs. Among its password features are credential injection, auditing, reporting, password change automation, and privileged client documentation management.
Passportal helps you achieve granular password policy best practices and implement access controls for your technicians. With credentials stored in an encrypted password vault safeguarded by multifactor authentication (MFA) and role-based permissions, Passportal makes managing this complexity easier and more secure. To learn more, request a demo of Passportal.