4.6. Security Toolkit: Password Management

What Everyone Needs to Know

Passwords are still the primary lock used to protect access to systems and data. This is why applications always prompt users to create more complex passwords and to change passwords often. You should always change your password when it is recommended and follow the password guidance when you do (e.g., do not reuse passwords across different accounts, do not share your passwords with other people, etc.). The difficulty has now become having too many passwords, all needing to be unique. The more challenging this becomes, the less inclined people are to create complex secure passwords. One way to mitigate this is to use a password manager for both work and personal accounts, which will store your passwords in a secure vault so that you don't need to memorize them.

What IT Needs to Know

Passwords present several challenges to IT staff. Organizations need to manage user access and permissions across multiple systems in their offices and in the cloud. As a result, users are responsible for multiple secure passwords and, potentially, multiple MFA solutions so users tend to make some password mistakes, e.g., they reuse passwords, choose an insecure password, neglect changing their passwords over time, share their passwords with other users. And when users leave the organization, the organization needs to retain access to its data on third-party systems.

 

There are a few ways that staff can address these challenges in password management. First, consider cybersecurity training for users to help them develop better password habits. You should also have policies on passwords (how often to change them, how to keep them secure, etc.).

 

Finally, consider a password manager. Password managers securely store multiple passwords, and they also help users create complex passwords that are harder to break. Password managers combined with single sign-on can greatly reduce the number of passwords users have to memorize, which will in turn lead to fewer passwords on post-it notes and fewer reused passwords. You can adopt an enterprise password-management solution and create accounts for all users, or you can add password managers to your user training and best-practice documents for staff. Be aware that some organizations also specifically tell users not to put work passwords into their personal password managers. Whichever you choose, be clear with users on what is expected of them.

Solutions to consider:

Resources:

Last updated on .

Table of Contents

    NEWS

    News & publications

    The news about recent activities for needed peoples.

    More News

    17 Dec 2024

    Megaphone with speech bubble showing the words Speakers Wanted

    Call for Speakers: Project Management, Second Chance Conference Sessions, and More

    LSNTAP is planning our training sessions for 2025 and would like to hear from…

    Continue Reading

    11 Dec 2024

    Resources for Supporting Child Victims & Witnesses Available

    Passing along this message from the Center for Justice Innovation (https://www…

    Continue Reading

    Our Partners