Read on to find out how IT support companies and MSPs can help their organisations develop robust and manageable password policies.

The graphic below shows the time needed to brute-force a password with current technology.

Passwords should therefore sit in the top two tiers of the graphic to be effectively secure.

An ongoing issue is that the more complex a password is, the harder it is to remember. Given the low uptake of password managers, the NCSC guidance continues to encourage staff to use three random words as a password instead.

To find out more about passwords, go to Guidance | Eastern CRC (ecrcentre.co.uk).

So how can IT departments help their organisations?

Tip 1: Reduce your organisation’s reliance on passwords

Only use passwords where they are needed and appropriate. Consider alternatives to passwords such as Single Sign-On (SSO), hardware tokens and biometric solutions. Use MFA where possible for all important accounts and internet-facing systems.

Tip 2: Implement technical solutions

Use account lockout or throttling to defend against brute-force attacks. If using lockout, allow users between 5 and 10 login attempts before locking out accounts. Consider using security monitoring to defend against brute-force attacks. Password blacklisting prevents common, guessable passwords from being used.

Tip 3: Protect all passwords

Ensure that all corporate web apps requiring authentication use HTTPS. Protect any access management systems you manage. Choose services and products that protect passwords using multiple iterations of a salted cryptographic hash function. Protect access to user databases. Prioritise privileged and vulnerable accounts such as administrators, cloud accounts and remote users. Change all default passwords.

Users have a whole suite of passwords to manage, not just yours. Allow users to securely store their passwords. Only ask users to change their passwords on indication or suspicion of compromise. Use delegation tools instead of password sharing. Where there’s a pressing business requirement to share passwords, use additional controls to provide the required oversight.

Be aware of the pros and cons of different password generation methods. If password managers are used, encourage the use of the built-in password generator. Complexity requirements provide no defence against common attacks and should not be used. Prevent users from setting passwords that are too short. Don’t impose artificial capping on password length.
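The controls in Tips 2, 3 and 5 (lockout after 5-10 failed attempts, a deny list of common passwords, a salted iterated hash for storage, a minimum length with no complexity rules and no upper cap) can be combined in a small authentication check. The following is an added example, not code from Galactica IT Group or the NCSC; the minimum length of 8, the 600,000 PBKDF2 iterations and the five-entry deny list are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample deny list; in production load a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}

MIN_LENGTH = 8               # assumption: reject anything shorter than this
LOCKOUT_THRESHOLD = 5        # lock after this many consecutive failures (page: 5-10)
PBKDF2_ITERATIONS = 600_000  # assumption: iteration count for PBKDF2-HMAC-SHA256


def check_password_policy(password: str) -> list:
    """Return a list of policy violations (an empty list means acceptable).
    Deliberately no complexity rules and no upper length cap, per the guidance."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password deny list")
    return problems


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256). Returns (salt, digest)."""
    salt = salt or os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


class LoginGuard:
    """Counts consecutive failures per account and locks the account at the threshold."""

    def __init__(self):
        self.failures = {}
        self.locked = set()

    def attempt(self, user: str, password: str, salt: bytes, digest: bytes) -> str:
        if user in self.locked:
            return "locked"           # even a correct password is refused once locked
        if verify_password(password, salt, digest):
            self.failures[user] = 0   # success resets the failure counter
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= LOCKOUT_THRESHOLD:
            self.locked.add(user)
            return "locked"
        return "failed"
```

A locked account here stays locked until an administrator clears it; a real deployment would typically add a time-based unlock and feed the "locked" and "failed" events to security monitoring.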

Tip 6: Use training to support key messages

Emphasise the risks of re-using passwords across work and home accounts. Help users to choose passwords that are difficult to guess. Help users to prioritise their high value accounts. Consider making your training applicable to their personal lives.


Source: Galactica IT Group - GSOC