1234…Tips for Protecting the Efforts of Organizations
When it comes to keeping passwords safe and hard to crack, I think of a time when I was driving two friends to the state fair, which only takes cash. We had to go through a drive-through ATM, and my friends trusted me to handle the ATM withdrawal. My first friend hands me her card and says, 1,2,3,4. I say, “Really?!” Without a hint of concern, she says, “Yep.” I complete that withdrawal and my second friend hands me his card. I ask his code. He says, “Same.”
Unless you’re George Costanza, who won’t give his password to anyone, even if their life is in danger (not sure he’d care enough if it wasn’t his own property), organizations need to create policies that make it easy to protect their assets. Individuals may protect personal assets better than organizations do, too — and when they don’t protect personal property well, that’s a low bar that gets missed. When organizations are supposed protectors of their own users/employees/public information and assets, they have a duty to implement policies that decrease the chance of unintended access, while recognizing that nothing is absolute and that making the policy too hard to follow may cause more harm than good.
As a result, a tool like LastPass makes it easiER to create and use better passwords. I personally already vigilantly use a different password tool (won’t disclose for my own protection) — which allows me to ensure every site uses a unique and hard-to-guess password. I have been using it for years now and love it. The challenge for many years was that it would not sync across devices, making it hard to log in on a new device, but now they have solved that issue too. This leads me to think about just how important ease of use is for the user (the employee in this case) — from installing, to setting the master password, to entering passwords across tools. Without thinking end-to-end, the enterprise puts its assets at risk. By requiring the use of a tool like LastPass, it sets itself up to have far stronger protection and far fewer points of entry from negligent employees. That said, when LastPass gets hacked…well…the organization must be ready for that as well!
Below are 4 tips for helping organizations manage passwords:
- Have a password manager pre-installed on machines
- Help each user create the master password using a coded expression or phrase that they can remember but have never used before
- Have an IT manager oversee practice with the password manager with each employee so they successfully use it the first time
- Require regular password resets, but make them easy to do (no restarts necessary)