Overcoming Weak Password Compliance

Have you taken the #LayerUP pledge? It’s an ingenious way to get people’s attention on a topic that might be considered frivolous, but which could result in some rather costly consequences if not followed – and that topic is Password Compliance. In enterprises, getting all employees to adopt password best practices on a consistent basis can be very difficult – especially since it’s human nature to use repetitive patterns or familiar phrases as passwords. Why? Because password requirements are everywhere, and the demand from IT departments to make them lengthier and more complex continues to grow. And let’s be honest: the more passwords you have, the more likely you are to forget them.

Passwords have been around as long as people have been keeping secrets – according to the days of the year – and they have played a role equally as important as the ones used to access Salesforce or your email account. They were part of espionage and secret societies. If everyone thought of them in a similar James Bond context, they would be considered much less cumbersome.

World Password Day was created to provide a warning and to spread awareness that password compliance is vital to protecting confidential data and even preventing identity theft. When you consider that laptops are being stolen every 53 seconds, at a rate of one stolen laptop in every ten, encryption and the management of it is a no-brainer.

To strengthen the security of your business, you should start simple but think big and long term. This applies to both users and administrators.  As the security professional in your organization, communicate the obvious, communicate it often, and indicate that these are principles you can apply even outside the organization to keep information safe:

  1. Don’t make bad password choices – Avoid the obvious: family names, birthdates, Password123, or anything that could easily be guessed by a quick review of your social networks
  2. Don’t reuse or rotate the same passwords
  3. Don’t modify your password by one number or one letter in a sequential order when you are prompted to change it
  4. Create different passwords for each site, application, etc.
  5. Don’t write your passwords down. If you must, don’t keep them with the device or in a place that is not secure
  6. Don’t share your passwords
  7. Don’t have a common password or PIN for all users of a shared device – make sure each user has their own credentials

As an administrator with responsibility for the security and protection of corporate data, you want and need greater control through policies, password management and even encryption. Start by deploying policy management to enforce strong password creation, something that you can deploy enterprise-wide with minimal administration and disruption, but with rigid adherence. Look for encryption solutions that provide a central key management tool that increases the complexity and length of the passwords on each device, to add greater protection. These tools help you force greater security over the lazy password. Make password recovery seamless for the user as well, thereby reducing the reliance on your IT team. Also, consider turning on multi-factor authentication, which is a fantastic way to easily increase the security of your devices and data.
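A sketch of the kind of policy check described above, enforcing list items 1 to 3 at password-change time. It is an added example, not WinMagic's code; the denylist, the 12-character minimum, the PBKDF2 parameters and all function names are assumptions chosen for illustration.

```python
import hashlib, hmac, re

# Constructed sample denylist; a real deployment would load a large breached-password list.
COMMON = {"password123", "password", "123456", "qwerty", "letmein"}

def hash_pw(pw, salt, rounds=100_000):
    """History entries are stored as (salt, digest), never as plaintext."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, rounds)

def within_one_edit(a, b):
    """True if a and b differ by at most one inserted, deleted or changed character."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]

def stem(pw):
    """Password with any trailing counter removed: 'Storm9' and 'Storm10' share a stem."""
    return re.sub(r"\d+$", "", pw).lower()

def check_new_password(new, current, history, personal_tokens, min_length=12):
    """Return the list of policy violations (empty list means accepted).
    `current` is the plaintext the user just typed to authorise the change."""
    problems, low = [], new.lower()
    if len(new) < min_length:
        problems.append("too_short")
    if low in COMMON:
        problems.append("common")                 # item 1: Password123 and friends
    if any(len(t) >= 3 and t.lower() in low for t in personal_tokens):
        problems.append("personal_info")          # item 1: names, birth years
    if any(hmac.compare_digest(hash_pw(new, s), d) for s, d in history):
        problems.append("reused")                 # item 2: reuse or rotation
    if within_one_edit(low, current.lower()) or (stem(new) and stem(new) == stem(current)):
        problems.append("incremental_change")     # item 3: one digit or letter changed
    return problems
```

The incremental-change test needs the current password in plaintext, which is only available at the moment the user enters it to authorise the change; older passwords are compared through their salted hashes.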

Password Day is not only about the passwords themselves; it’s as much about the people and policies behind them. Strong password principles should not only be the focus for a day, but a daily ritual towards the betterment of your business.

Have you LayeredUP?

Visit our website to learn how WinMagic can help you increase password and encryption compliance in your organization, and protect your company’s data security.