
Passwords are the gatekeepers to our connected lives. And yet, whenever we’re forced to choose a new password, either for work or on a new website, it often evokes fear and panic. We all have the best intentions of picking passwords that are safe, secure, and unique, but often we’ll take the easy way out and pick something simple or reuse an existing password just so we can get it over with faster.

The problem will continue to grow as more and more of our lives are moved into computers. As an employer, what are some good options for dealing with passwords?

  • Change passwords frequently – The more often you update your passwords, the less chance that a compromised password will affect your systems. Set a schedule that works for you and your users. Weekly password changes are probably too frequent, but monthly, quarterly, or semi-annual changes may be appropriate.
  • Have minimum password requirements – Giving users the ability to create a short or easy-to-crack password will often lead to them creating a short and easy-to-crack password. Basic minimum requirements should include requiring letters, numbers, symbols, and mixed case. The longer the minimum length you can require, the better, because the length of a password can drastically increase how long it will take to crack. The absolute minimum length should be 10 characters; 12-14 is better, and longer than that will drastically increase security, so don’t discourage long passwords.
  • No paper passwords – A downside of picking long and secure passwords is that users will often have a hard time remembering them and will write them down in a place close to their computer. While forgetting passwords is a real problem, it’s not an excuse to have a copy written nearby. If a user truly can’t remember their password, you can reset it for them to something new.
  • No password sharing – Passwords also get written down when users need to access another person’s computer while that person is on vacation or when they are covering for them. In such cases, your system administrator can change the password to something temporary while the user is out of the office. It can then be reset by the original user upon their return.
  • Don’t reuse passwords – This is extremely important. Require that the passwords your users pick be unique to your system. If they use the password elsewhere and it’s compromised, that password could be used to access your data.
  • Remembering them all – It’s almost impossible for a user to remember multiple secure passwords. If your users complain about having to remember passwords, you can recommend they use a password manager such as LastPass, 1Password, or KeePass. Password managers help generate long, secure, and unique passwords for every login a user has.

If you have any questions or would like to learn more about password strategies, please reach out to Genesis HR Solutions at AskUs@genesishrsolutions.com or 800-367-8367.

Genesis HR Solutions is the premier PEO provider for Massachusetts-based businesses.