It is safe to say that the word of security experts is being heard more often and many people have finally realized the importance of protecting their online identity in every way possible. But even as strong passwords – and password managers – become more common, users tend to forget about properly protecting their business accounts, where even more sensitive information may be stored.
You may say ‘it’s not my business’ – and to be honest you’d be right, but it’s still your job to create strong passwords for your business account, the rules of which are usually laid down in the so-called company password policy.
What on Earth Is a Company Password Policy?
The company password policy is an official document issued by the business that contains the major rules of effectively protecting the company’s accounts – both individual and mutual online/offline accounts – from being accessed by hackers and other wrongdoers (even former employees). In simpler terms, it is the set of rules that are common on most websites that require a password to access them, but adapted to a company’s own needs.
Another similarity between regular and business password policies is that they are enforced on the users, meaning that you must comply with the details in the policy.
Creating a Password Policy the Bad Way
Although the concept of a company password policy was created to prevent company secrets from leaking, if it is broken or too complicated the results may be the exact opposite of this original idea. In fact, the situation is so bad there are entire pages dedicated to listing companies with terrible password policies or analyzing these blunders. The funny thing is that despite differing in many ways, bad policies always manage to tell users how to create an extremely weak password by:
- Not disclosing the maximum number of characters.
- Explaining exactly which characters should be used or omitted.
- Determining the order of a sequence.
- Overcomplicating requirements.
- Forcing too frequent changes or no changes at all.
- Not locking out the most common passwords.
- Being limited to a PIN code.
- Not having the security of SSL encryption.
A Strong Password Policy
Avoiding all of the above blunders is a good start towards creating a good password policy, but there are still some elements that need to be taken into consideration in order to make the policy strong yet simple to understand. Experts suggest various practices in achieving that, including the following:
Learn What Password Policy Is
It’s one thing to read a password policy, but drafting one can be a really hard task. Therefore, it is best to study how strong passwords can be created, what the best ways of requiring users to protect their accounts with unbreakable credentials are and, obviously, how a password policy should look.
Set Simple and Straightforward Rules
In order to achieve the best results a password policy must contain a set of rules that are easy to understand yet capable of forcing users to create secure passwords. Determining the length and complexity of the would-be password is a must, but including extras such as forbidding dictionary words or passwords used on other sites and suggesting the use of random password generators can all further add to the effectiveness of the password policy. Also make sure that the rules clarify what happens to a user who fails to comply with the password policy.
A strong password usually lasts a long time, but if you really want to make sure an account is never compromised then the password policy should suggest co-workers change their password at least once a year or every two years.
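As an added illustration (not code from this article), here is how a handful of the rules above could be enforced when a password is set: a disclosed maximum length, no PIN-only passwords, a common-password lockout, a dictionary-word check and a yearly change. The class and function names, the sample word lists and the numeric limits are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from datetime import date

# Constructed sample lists; a real deployment would load much larger ones.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
DICTIONARY_WORDS = {"dragon", "monkey", "sunshine", "football"}

@dataclass(frozen=True)
class PasswordPolicy:
    # All three numbers are assumptions for this example, not values from the article.
    min_length: int = 12
    max_length: int = 128    # stated in the rejection message, never hidden
    max_age_days: int = 365  # "at least once a year"

def check_password(policy: PasswordPolicy, password: str) -> list:
    """Return the violated rules; an empty list means the password is accepted."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"too short (minimum {policy.min_length} characters)")
    if len(password) > policy.max_length:
        problems.append(f"too long (maximum {policy.max_length} characters)")
    if password.isdigit():
        problems.append("digits only (a PIN is not a password)")
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    # Drop digits and symbols so 'Sunshine2019!' is still caught as 'sunshine'.
    core = re.sub(r"[^a-z]", "", lowered)
    if core in DICTIONARY_WORDS:
        problems.append("a dictionary word with decoration")
    return problems

def is_expired(policy: PasswordPolicy, last_changed: date, today: date) -> bool:
    """True when the password is older than the policy's maximum age."""
    return (today - last_changed).days > policy.max_age_days

if __name__ == "__main__":
    policy = PasswordPolicy()
    for candidate in ("123456", "Sunshine2019!", "vivid-harbor-quilt-93-tundra"):
        print(candidate, "->", check_password(policy, candidate) or "accepted")
    print("expired:", is_expired(policy, date(2018, 1, 1), date(2019, 6, 1)))
```

Every rejection names the rule that failed, so users are told what to fix without being handed a fixed character recipe.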
Use a Business Password Manager
Having a password manager is one of the best ways to ensure the security of business accounts for many reasons. One is that, aside from the master password, employees are not forced to remember all other credentials associated with the business. Not to mention that all passwords are encrypted with military-grade encryption and are then stored in a safe environment that nobody can access without knowing the master password. Better still is how passwords can be shared between multiple users on the same network without the need to ever disclose the password on a different, unsecured platform. And to top it all, such a program is available at rather cost-friendly prices.