{"id":3368,"date":"2018-07-27T11:47:47","date_gmt":"2018-07-27T15:47:47","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=3368"},"modified":"2018-11-08T12:13:23","modified_gmt":"2018-11-08T16:13:23","slug":"take-iam-seriously-implement-password-best-practices","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/","title":{"rendered":"Take IAM Seriously! Implement Password Best Practices!"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-2734\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/04\/password-behaviors-mod.jpg\" alt=\"password best practices \" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/04\/password-behaviors-mod.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/04\/password-behaviors-mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/04\/password-behaviors-mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/04\/password-behaviors-mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/04\/password-behaviors-mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/04\/password-behaviors-mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">We here at Solutions Review have previously discussed the upcoming death of passwords as an authentication factor and the advent of new authentication factors like biometrics, geofencing, and hard tokens. 
However, even though we fervently believe that future is on the way, our conversations with <a href=\"https:\/\/solutionsreview.com\/identity-management\/privileged-access-credentials-identity-automation\/\" target=\"_blank\" rel=\"noopener\">identity and access management (IAM)<\/a> experts and our research suggest that passwords are here to stay.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">We all know that passwords are incredibly unpopular. Users have to memorize dozens if not hundreds of them just to get by in daily digital life. They are often lost or forgotten. Hackers can easily steal, guess, or crack them. They\u2019re incredibly insecure as an identity authentication factor. But they are also ubiquitous, widely understood, and easy to implement. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Since your enterprise will probably have to deal with passwords for the foreseeable future, you need to make sure you and your employees are following password best practices! 
Here are the password best practices your enterprise should implement, train, and (to the best of your ability) enforce among your employees: <\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Never Allow Users to Write Down Passwords<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">This should be common sense. There are too many stories of unscrupulous individuals in the analog world discovering the password they need on a sticky note by an employee\u2019s endpoint.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Your enterprise should ensure employees aren\u2019t engaging in this blatant cybersecurity violation: managers should be on the lookout for this behavior and require that employees stop. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">But the principle against writing down passwords applies equally to digital documents, whether saved on-premises or in the cloud. Neither is as safe as employees believe; if a hacker has infiltrated your network or cloud platform, they could easily steal and exploit these passwords. If the documents are saved in a common drive, insider threats could obtain valuable credentials with minimal effort.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Show your employees just how dangerous writing down passwords can be, and instead encourage them to create distinct passwords they will be sure to remember (although, as we will discuss, they should not create easily crackable passwords). <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Also, to facilitate password best practices, your enterprise should implement single sign-on via its IAM solution. This will significantly reduce the number of times your employees will have to log in to their various accounts and the number of passwords they will have to remember. 
<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In cases of proprietary databases or assets, you can always implement multifactor authentication to secure those sections of the network against non-privileged employees. Finally, if your employees are truly struggling with remembering their passwords, implementing a password manager integrated with or as a part of your IAM can really help.<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Mandate Strong Passwords<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Perhaps this is the heart of the issue. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Did you know that users still use \u201cpassword1234\u201d as their password? It\u2019s one of the most common and commonly hacked passwords, born of users\u2019 fear of forgetting their passwords and their wish to simply meet password requirements for numbers or character limits. It\u2019s almost funny.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Now ask yourself this: how many of your employees are using passwords like this, easily guessed and cracked, on your network and databases? Suddenly it becomes far, far less amusing. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">As part of your employee cybersecurity training, show them the most commonly used and easily discovered passwords (<\/span><a href=\"https:\/\/www.entrepreneur.com\/article\/306499\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">here\u2019s a resource we&#8217;ve found<\/span><\/a><span style=\"font-weight: 400\">). Tell them why these passwords are insufficient, and if possible, ban them from your networks (talk to your IAM solution provider to see if they can enforce this digitally). 
Password best practices need to be something understood by all of your employees so they can be internalized in their daily digital behaviors. Otherwise, they might hear you&#8230;and may not listen. <\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Foster a Zero-Trust Culture<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In identity and access management, we use the term \u201czero-trust\u201d to describe how enterprises should never simply believe that users are who they say they are until they authenticate their identity extensively. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">It\u2019s one of the most crucial processes in modern identity management, but it is also the basis of a vital cultural shift many enterprises need to embrace. Password best practices require that your users\u2019 passwords remain individual and secret unless absolutely necessary. Your enterprise should forbid employees from sharing their passwords with each other, in part because the transfer of passwords could open up new attack vectors and increase the risk of a potential insider threat, whether intentional or not. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Employees should also demonstrate zero-trust to any website, institution, or even fellow employee that asks for their password. You must train your employees to always be suspicious of other people asking for passwords and to recognize potential phishing attacks. If the employee has doubts (and perhaps even if they don\u2019t) they should contact the inquiring institution directly and determine why they are asking for the password&#8230;if it really is them. 
<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Make Password Best Practices Part of Employees\u2019 Duties<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Here\u2019s the secret to great enterprise-level cybersecurity: everyone needs to be involved in it. It isn\u2019t just an issue for your CISO or your cybersecurity team. Every employee is involved in your IT perimeter, which means that a mistake by one of them could affect your entire enterprise. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Therefore, make sure you stress that password best practices aren\u2019t just a technical concern. They are a day-to-day responsibility that employees need to perform as they perform their other tasks. Make it a part of performance reviews and employee evaluations. Continually reinforce password best practices in training sessions and in daily communications. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The digital marketplace is one of the most rewarding ever conceived. Don\u2019t leave yourself prey to the pickpockets between the stalls.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We here at Solutions Review have previously discussed the upcoming death of passwords as an authentication factor and the advent of new authentication factors like biometrics, geofencing, and hard tokens. 
However, even though we fervently believe that future is on the way, our conversations with identity and access management (IAM) experts and our research suggest [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":2734,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[142,125,16,76,91],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Take IAM Seriously! Implement Password Best Practices!<\/title>\n<meta name=\"description\" content=\"Your enterprise will probably have to deal with passwords so you need to make sure you and your employees are following password best practices!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/\",\"name\":\"Take IAM Seriously! 
Implement Password Best Practices!\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/04\/password-behaviors-mod.jpg\",\"datePublished\":\"2018-07-27T15:47:47+00:00\",\"dateModified\":\"2018-11-08T16:13:23+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Your enterprise will probably have to deal with passwords so you need to make sure you and your employees are following password best practices!\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/04\/password-behaviors-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/04\/password-behaviors-mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"How to Prevent Account Takeovers in Your 
Business\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Take IAM Seriously! Implement Password Best Practices!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Take IAM Seriously! Implement Password Best Practices!","description":"Your enterprise will probably have to deal with passwords so you need to make sure you and your employees are following password best practices!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/","url":"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/","name":"Take IAM Seriously! 
Implement Password Best Practices!","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/04\/password-behaviors-mod.jpg","datePublished":"2018-07-27T15:47:47+00:00","dateModified":"2018-11-08T16:13:23+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"Your enterprise will probably have to deal with passwords so you need to make sure you and your employees are following password best practices!","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/04\/password-behaviors-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/04\/password-behaviors-mod.jpg","width":800,"height":400,"caption":"How to Prevent Account Takeovers in Your 
Business"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/take-iam-seriously-implement-password-best-practices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Take IAM Seriously! Implement Password Best Practices!"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/3368"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=3368"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/3368\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/2734"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=3368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=3368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=3368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}