One of the biggest concerns for IT admins is managing end-user passwords. With so many services that users are leveraging across their personal and professional lives, it is easy to worry that users are taking shortcuts. The good news is that there are some simple password management techniques that IT admins can practice with their end users.
Before we dive into some of these techniques, we should highlight some of the problems around passwords. Because of the risk associated with passwords, many think that we should do away with passwords altogether. Well, the reality is that we will be using passwords for at least a little while longer. So, in light of that, let’s understand what the issues are and how to solve them.
Challenges with Passwords
Passwords have historically been hard for people to remember, and who can blame them, considering the average user has 191 passwords to keep track of? The result is that end users will choose passwords that are easy to remember, like “123456,” or even leverage the same complex password across all of their services. In fact, 54% of people use 5 or fewer passwords across their entire online life. With statistics like these, it’s not surprising that 81% of data breaches result from a weak or stolen password. Luckily, there are a few steps IT admins can take to prevent users from taking part in these bad habits.
Remedies for Securing Passwords
First, encourage your end users to use long passwords. Ideally, each password should be a sentence with punctuation (where possible) rather than just a word. The second suggestion is to implement multi-factor authentication (MFA or 2FA) wherever possible, but definitely on email accounts (e.g., G Suite™ or Office 365™). Preferably, you would have MFA attached to every account possible, since 80% of data breaches in the past could have been prevented if MFA were enabled.
Of course, we realize that it is hard to change your end users’ habits, so you can’t just rely on them to implement these practices. A step in the right direction could (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Natalie Bluhm. Read the original post at: https://jumpcloud.com/blog/simple-password-management/