Password Management: What Employees Should Know


At IT Business Edge, we are always cognizant of how important proper training is for small and medium-sized businesses. This is especially true when it comes to inculcating proper security practices in staffers.


Passwords are typically the first line of defense against unauthorized access, and I want to highlight some pointers about password management that all employees should know. Knowing the reason why certain policies are enacted will help ensure that they are adhered to.


Here are five aspects of good password management that employees need to know.


The Password Should Not Be Too Short


Employees need to know why short passwords can be compromised very quickly. This can be shown by calculating the number of permutations for a given password length, and how that number changes when numerals and symbols are used.


As a rough guide, it will take only slightly more than half an hour for a modern desktop to brute-force a password that is seven characters long and consists only of alphabetic characters. A password that is eight characters, though, will take 15 hours; one that has 12 characters, some 30 years.
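The calculation described above can be worked through in a few lines of Python. This is an added example, not part of the original article; the guess rate is an assumed value and the function names are hypothetical, so the durations it prints scale with whatever rate you plug in.

```python
import string

# Character classes a password policy may allow.
CLASSES = {
    "lower": len(string.ascii_lowercase),   # 26
    "upper": len(string.ascii_uppercase),   # 26
    "digits": len(string.digits),           # 10
    "symbols": len(string.punctuation),     # 32
}

# Assumed attacker speed in guesses per second (constructed value, not from the article).
ASSUMED_GUESSES_PER_SECOND = 4_000_000


def alphabet_size(classes):
    """Number of distinct characters available under the given classes."""
    return sum(CLASSES[c] for c in classes)


def keyspace(length, classes):
    """Candidates an exhaustive search must cover for exactly `length` characters."""
    return alphabet_size(classes) ** length


def worst_case_seconds(length, classes, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to try every candidate of this length; the average case is half of this."""
    return keyspace(length, classes) / rate


def min_length_to_resist(seconds, classes, rate=ASSUMED_GUESSES_PER_SECOND):
    """Shortest length whose full keyspace takes at least `seconds` to exhaust."""
    needed = seconds * rate
    length = 1
    while alphabet_size(classes) ** length < needed:
        length += 1
    return length


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    for classes in (["lower"], ["lower", "upper", "digits"], list(CLASSES)):
        for length in (7, 8, 12):
            print(f"{'+'.join(classes):32} len={length:2}  {humanize(worst_case_seconds(length, classes))}")
    print("min length, all classes, 10 years:", min_length_to_resist(10 * 31_557_600, list(CLASSES)))
```

Each extra character multiplies the search time by the alphabet size, which is why adding length and adding character classes both matter when setting a minimum-length policy.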


Avoid Reusing Passwords Between Personal and Work Accounts


It is generally a very bad idea to use the same password for different accounts. However, it would be foolish, too, for an administrator to imagine that the typical employee would make use of a different password for every system that requires one.


A more moderate stance would be to have different sets of passwords for personal and work accounts. While it might seem obvious in hindsight, employees should be shown that using the same password for work accounts, as well as for every free social media service, IM service and online gaming account out there, is a very bad idea.


The IT Help Desk Will NEVER Ask for Your Password


This sounds almost cliche now, but the IT department should periodically remind employees that their passwords will never be requested.


You Are Welcome to Change Your Password Anytime


In the recent movie remake of Alice in Wonderland, the Red Queen concluded that it is far better to be feared than loved. When it comes to pre-empting possible breaches in security, though, I would rather employees come forward if they suspect that their accounts have been compromised or confidential data illegally accessed than find out on the front page of the newspaper or Google News.


So tell your employees this: You are welcome to change your password anytime.


Regular Password Changes Are Necessary


Detractors will be quick to point out that mandatory regular password changes are the primary cause of employees writing down their passwords. However, the security reality of keyloggers and the pervasiveness of other invasive malware mean that it remains an important practice to enforce regular password changes.


Employees are also increasingly accessing their work accounts from remote locations, so users need to be educated on the necessity of changing their passwords regularly. Note, however, that there is a difference between regular and frequent, and it is important not to overdo the frequency of changes.