PageUp Passwords — Housekeeping and Best Practice

SSO (Single Sign On)

If you’re not using Single Sign On, you really should and you can bet your IT and Security departments will be all for it.

What’s so good about Single Sign On from a Security perspective?

• No new password to create
• No new password to remember
• Just use your work login to authenticate to PageUp automatically!
• All your work password policies are automatically compliant for PageUp

Good for Security, good for you (no more password resets and account unlocks etc), good for all your staff that use PageUp. Thumbs up!

Check out our Knowledge Portal if you want to know more, or as always, speak to your Technical Account Manager about it.

Single sign on

If you aren’t using SSO, then read on, we still have some tips and best practice to share with you.

Non SSO Password Tips

As a SuperUser of PageUp systems, Security is probably one of the last things on your mind.
In the end, as a consumer of our SaaS solution, you entrust us to handle Security!

The below points out a few of the client configurable password items within the PageUp system that you as a SuperUser can configure to ensure the best possible Security posture for your PageUp Instance.

Bad Password List

PageUp comes with a “Bad Password List” already setup and defined, but Security never sleeps and these lists are updated often with the weakest and most abused weak passwords.

I’ve done the hard work for you and already collated the top 100 worst passwords of 2017 (along with some other PageUp suggestions), ready for you to use in your system in a few clicks.

To implement this updated list is really simple, just follow the steps below -

1. Click settings in Admin
2. Search for “Bad Password” and press Enter
3. Click the pencil to edit your current bad password list.
4. Copy the entire line from the code sample below.
5. Paste/append it to your current list
6. Click Save!

Triple-click the row of words above, copy to your clipboard (Crtl+C) then paste/append them into your Bad Password List within PageUp

Other Password Best Practice

Password Minimum Length

Set a good, secure minimum length for your passwords, I’d recommend at least 10 for Admin.

Tip: align this to your internal password policy, your IT Department will thank you for it!

Password Changes

If required, you can also set password expiry and configure the the period in which this occurs.

Find this ^^ in Settings

Other Defaults

As a reminder, PageUp already default the following -

• Ensuring that passwords contain at least one numeric and one alphanumeric character
• Preventing users from reusing their previous 12 passwords

There are additional safeguards that we recommend users follow when creating their account password.

• Select a password that contains a combination of numbers and letters that you can remember easily but has no meaning to anyone else. Possibly think of a phrase like “super secure”, and create an abbreviation that substitutes numbers/symbols for select letters such as “$uper5ecure”
• Avoid using the same password for different systems
• Use a password manager
• Never write your passwords down or send them via e-mail or instant messenger

Wrap-up

As above, the easiest way to automate password management is with SSO, however if this isn’t implemented currently, PageUp gives you the tools to manage these elements.