According to the National Institute of Standards and Technology (NIST), complex passwords that contain a variety of characters are strong, but the longer a password is,
Organizations spend billions of dollars on cybersecurity tools and consultants each year. Beyond traditional tools like firewalls, antivirus software, and System Information and Event Management (SIEM), it is easy to get caught up in sophisticated threat detection using artificial intelligence, machine learning, user behavior and analytics.
All of these tools have their place and can be very valuable; however, one problem looms large: passwords are frequently the only thing protecting confidential business plans, intellectual property, communications, network access and customer data.
Due to human error, negligence, and simple lack of knowledge, passwords are the weakest link in cybersecurity. Attacking those issues head-on will provide the quickest and most impactful effect on any organization’s cybersecurity defenses.
Keep reading to learn the best practices for business password security.
Implement a Password Security Policy
The first step in virtually every cybersecurity strategy is to take an inventory of your assets and then determine the risk of exposing each of those assets. Given that passwords will be an integral part of any access control policy, password security policies must be put into place. An effective password security policy entails making sure employees are:
- Creating strong passwords and not reusing them across multiple accounts
- Storing passwords securely and only on authorized company devices
- Implementing Multi-Factor Authentication (MFA) to require one or more additional forms of authentication
Enforce Password Management Policy and Procedures
Most businesses have limited visibility into the password practices of their employees which greatly increases their cyber risk. Easy-to guess passwords can be cracked and are a business’ number one internal security risk. The easiest way to improve employee password hygiene is through critical insight into password usage and password policy compliance. The ability to enforce policy controls, define access roles and restrict sharing are critical for safe and secure enterprise password management.
Limiting employee access to a need-to-know basis ensures that employees only have company resources and logins that they need at the times that they need them. Assigning a delegated admin who is regularly monitoring, provisioning and deprovisioning access to users based on their role is highly recommended.
How Keeper Supports Password Security Best Practices for Businesses
A password manager provides the most rapid cybersecurity improvement of any security measure your business can implement. Employee password habits are the greatest risk to security.
With Keeper, every employee is provided a vault to store passwords and sensitive information. Keeper generates strong, random passwords and autofills them for users. This saves time and frustration while eliminating the need to reuse and remember passwords for each individual account.
Protects information
Keeper Security is a zero-knowledge password management solution. This means all information stored in the Keeper vault is only accessible by the end-user. To access this information, users must enter their master password, the only password they need to remember. The information stored in Keeper is encrypted both in-transit and at rest. The plaintext version of the data is never available to Keeper employees or any outside party. Keeper uses the most advanced versions of cryptography available – PBKDF2, TLS and AES-256. Our systems are SOC 2 Type 2 audited and compliant.
Helps enforce password management procedures
A good password manager aids IT in enforcing password management policies and procedures. With Keeper, IT admins can manage:
- Master Password Complexity: Ensure employees utilize a strong master password to secure their account.
- Master Password Expiration: Schedule required updates to master passwords.
- Password Masking: Share passwords and permit their use by employees, but prevent viewing or copying of the password. Keeper autofills passwords without revealing them.
- Biometrics: Enforce use of biometrics when available.
- MFA Enforcement: Define which authentication methods and vendors need to be utilized to access Keeper accounts.
- Platforms Allowed: Define specific platforms allowed to access Keeper accounts. For example, only permit a specific browser.
- Password Sharing and Exporting: Set team permissions and define the organizational structure for sharing passwords and folders. Control exporting of vault contents.
- IP Whitelisting: Prevent employees from accessing their Keeper account from outside the office.
- Logout Timers Across Platforms: Set custom limits to automatically log out an employee.
Increases compliance
Keeper provides comprehensive password reporting, auditing, analytics and notifications. Security professionals can see and control employee password strength, password reuse and MFA status. Access logs to Keeper vaults can also be audited for compliance or forensics.
Don’t let sloppy password practices jeopardize your organization’s reputation and operations. Start enforcing password security best practices at your business with Keeper. Start your 14-day free business trial or request a demo.