Any number of unknowns can threaten the security of your environment, but the leading common denominator in threat scenarios is how your team manages their passwords within your environment.
Creating and maintaining secure passwords within a team environment comes with unique challenges. You need to monitor not just the quality of the passwords and their expiration, but the overall instruction and motivation of your team for creating secure passwords in the first place. The more effective you are in conveying the importance of password management and renewals, the less time and effort you’ll need to put into maintaining that momentum.
Here are methods you can use to help your employees create secure passwords and maintain a secure team environment:
1. Time password updates with something relevant
Depending on your environment, your password expiration timeline can range from 15 to 90 days. For employees whose primary function is not security, it can seem excessive and annoying to change passwords so frequently.
To keep this update front-of-mind, time the password changes with something else that happens in the office, such as the 1st of the month or a particular corporate initiative. If you have the resources, consider sponsoring a frequent event that coincides with password renewal to make the process something to look forward to.
2. Invite employees to balance security with convenience
The most secure password system is the one that your employees buy into. To that end, invite employees to balance password length, complexity, and expiration period by establishing password patterns. Cluing your team in on unique and secure patterns like the following will help them create passwords that are more secure and easier to remember at the same time. For example, a go-to password format is to take the first letters of a phrase and string them into a password. In this scenario, “Take me out to the ballgame!” becomes “Tmo2tbg!” which meets minimum security requirements by being 8 characters in length and comprised of numbers, symbols, and both lower and upper cased letters. The next password can be “Take me out to the crowd,” or “Tmo2tc!” and so on.
3.Consider a password management system
Sometimes the answer is right under your nose. There are hundreds of free and enterprise-level password management systems available to you, and one of them might be a great fit for your environment.
4.Understand your team’s reluctance and set the example
Poor password practices can be seen almost in any organization. Don’t fall for the lure of convenience over security or keep matching root passwords for several systems — for more than a year.
This story (as well as the story of hacking Italy’s Hacking Team) illustrates the struggle that many IT administrators have in a team environment: team members change passwords because they have to, not because they want to, and systems administrators sometimes fail to lead by example. This quickly demoralizes (and possibly removes authority) from the entire security process. Make sure you address the inconvenience of changing passwords with your team and follow those instructions yourself.
Password expiration is a frequent cause of IT support issues, triggering helpdesk calls from users, productivity losses, and sometimes even disruptions of critical services. Once you’re confident in your team’s ability to create and manage secure passwords, consider deploying a specified tool to receive regular summary reports by e-mail and proactively resolve password expiration issues for end-users and service accounts.
- Nine Steps to a Better Password Management
- User Password Opinions and Advice on Spiceworks