FAQ: One of my employees keeps using the same weak password for everything. How can I get them to change it and make it stronger?

Travis Felder
2 min read · Jan 4, 2023


A short-term solution is to configure a password policy on the system or application in scope. There are several key factors to consider when creating a password policy for your organization. Here are some industry-standard recommendations:

  1. Use long passwords: Aim for at least 12 characters, and consider using passphrases instead of single words.
  2. Use a mix of uppercase and lowercase letters, numbers, and special characters.
  3. Don’t reuse passwords: Each user should have a unique password for each account.
  4. Require regular password changes: This can help prevent hackers from using stolen passwords for an extended period of time.
  5. Use a password manager: This can help users generate and store strong, unique passwords for each account.
  6. Enable two-factor authentication: This adds an extra layer of security by requiring users to provide a second form of authentication, such as a code sent to their phone, in addition to their password.
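To make the first four recommendations concrete, here is an added example (not from the original post) of a small policy-enforcement module: it checks length and character-class complexity, rejects a new password that matches any of the user's recent passwords (compared against salted PBKDF2 hashes rather than stored plaintext), and flags a password whose age exceeds the rotation interval. The 90-day maximum age and the five-entry history are assumed values chosen for the example; the post does not specify either number.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

PBKDF2_ITERATIONS = 100_000


@dataclass
class PasswordPolicy:
    min_length: int = 12          # recommendation 1: at least 12 characters
    require_upper: bool = True    # recommendation 2: mixed character classes
    require_lower: bool = True
    require_digit: bool = True
    require_special: bool = True
    history_size: int = 5         # recommendation 3: remember this many old hashes (assumed value)
    max_age_days: int = 90        # recommendation 4: rotation interval (assumed value)


@dataclass
class UserRecord:
    username: str
    # (salt, digest) pairs, newest first; plaintext is never stored
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)
    last_changed: Optional[datetime] = None


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; a fresh random salt is drawn when none is supplied."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def check_complexity(password: str, policy: PasswordPolicy) -> List[str]:
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.require_upper and not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if policy.require_lower and not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if policy.require_digit and not re.search(r"[0-9]", password):
        problems.append("no digit")
    if policy.require_special and not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    return problems


def is_reused(password: str, user: UserRecord) -> bool:
    """Re-hash the candidate with each stored salt and compare in constant time."""
    for salt, digest in user.history:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def validate_new_password(password: str, user: UserRecord, policy: PasswordPolicy) -> List[str]:
    problems = check_complexity(password, policy)
    if is_reused(password, user):
        problems.append("matches one of the previous passwords")
    return problems


def set_password(password: str, user: UserRecord, policy: PasswordPolicy,
                 now: Optional[datetime] = None) -> None:
    """Apply the policy, then record the new hash and trim the history to the configured size."""
    problems = validate_new_password(password, user, policy)
    if problems:
        raise ValueError("password rejected: " + "; ".join(problems))
    user.history.insert(0, hash_password(password))
    del user.history[policy.history_size:]
    user.last_changed = now or datetime.now()


def password_expired(user: UserRecord, policy: PasswordPolicy,
                     now: Optional[datetime] = None) -> bool:
    """True when the password is older than max_age_days (or was never set)."""
    if user.last_changed is None:
        return True
    return (now or datetime.now()) - user.last_changed > timedelta(days=policy.max_age_days)


if __name__ == "__main__":
    policy = PasswordPolicy()
    alice = UserRecord("alice")
    print(check_complexity("password123", policy))          # three violations
    set_password("Tr0ub4dor&3xample!", alice, policy)      # accepted and recorded
    print(validate_new_password("Tr0ub4dor&3xample!", alice, policy))  # reuse rejected
```

The reuse check deliberately re-derives the hash with each stored salt instead of comparing plaintext, so the history file is no more sensitive than the primary credential store; `hmac.compare_digest` avoids leaking how many leading bytes matched.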

Long-term, implementing an enterprise single sign-on (SSO) solution can help ease the management of users and their passwords. With SSO, users only need to remember a single set of login credentials, which can be used to access multiple applications and systems. This can help reduce the risk of password fatigue, where users choose weak passwords or reuse the same password across multiple accounts because they have too many to remember.

To ensure that your password policy is enforced when using an SSO solution, you can configure the SSO system to inherit the password policy of your organization. This means that when users set or reset their SSO password, they will need to follow the same rules as for any other password in your organization (e.g., minimum length, complexity requirements, etc.).

By following these recommendations, you can help protect your organization and its data from cyber threats. Feel free to reach out to me for more information at Travis Felder | Cybersecurity Advisor & Career Coach.
