The benefits of a password management policy

Featured Content

This article is courtesy of TechRepublic Premium. For more content like this, as well as a full library of ebooks and whitepapers, sign up for Premium today. Read more about it here.

Join Today

Implementing a solid and robust password management policy helps both end-users and IT staff alike.

istock-840534924.jpg

Image: designer491, Getty Images/iStockphoto

As a system administrator, I can attest that password resets are the most frustrating element of working in technology, both for myself and my users alike. We all have better things we could be doing and yet unfortunately the same "usual suspects" seem to pop up, which doesn't work wonders for employee relations and morale.

It's not just a pet peeve of mine; it's a real problem with multiple negative implications.

SEE: Password management policy (TechRepublic Premium)

Gartner reported between 30% and 50% of all IT help desk calls are for password resets and determined the average cost in wasted labor for a password reset is $70. Oftentimes employees must wait to receive a password reset or jump through numerous hoops to do so and that impacts their productivity. 

Enjoying this article?

Download this article and thousands of whitepapers and ebooks from our Premium library. Enjoy expert IT analyst briefings and access to the top IT professionals, all in an ad-free experience.

Join Premium Today

Worse, weak, stolen, or reused passwords pose a significant hazard to companies and cause approximately 80% of data breaches.

Having a password management policy is essential not only to secure your business and streamline operations, but to maintain the efficiency--and sanity of your employees. 

A quality password management policy dictates what kind of passwords must be selected (e.g. complexity), where it should be used (avoid using the same password on multiple systems or applications), how it should be handled, and when it must be updated. It should also include measures employees and staff must take when passwords are compromised--or suspected as such.

In addition, it's also essential to encourage employees to use secure password management programs such as KeePass, which safely stores all passwords which are protected via one master password.

SEE: Password management policy (TechRepublic Premium)

The short-term solution is to encourage employees to set reminders in Outlook or another calendaring system to change their passwords before they expire (and passwords should always expire and necessitate a change in order for continued usage of systems).  

The long-term solution is to implement a password reset portal for self-service password operations. Adding the password reset feature to Remote Desktop Web Access is an option that paid major dividends for myself, my users, and my organization.

Whatever password management policy you decide to implement (or upgrade to), ensure that it is communicated to both existing and new users, monitored for compliance and feasibility, and updated accordingly to meet the changing needs of the business.

SEE: Password management policy (TechRepublic Premium)

Join Premium Today