6 Ways Businesses Should Never Manage Their Passwords

Don’t let bad password practices creep into your organization.

People hate passwords. In fact, lots of people dislike IT security of all types. Some managers are lax about enforcing password security policies or avoid security themselves. This leads to some embarrassingly bad password management.

If you see your company in one of these examples, change quickly. You wouldn’t leave the keys dangling in the ignition of your company vehicle, so why leave giant holes in your corporate IT security?

Here are 6 ways businesses should never manage their passwords.

1. Allow Real-Word Passwords

The most commonly hacked password according to several “worst password” lists is “password.” If you allow real words to pass through your password filter, you will have unimaginative users defaulting to the most obvious term that comes to mind. Other foolish password choices include the user’s first name or “rockstar.” You might think you’re a rockstar, but using that word as a password will make you nothing but a malware groupie.

2. Allow Short Passwords

One thriller made into a TV movie hinged on the bad guy using "1" as his password, since no one would ever guess such an insecure password. While it might be cute in fiction, in reality, using short passwords is a completely wrongheaded approach to fooling hackers. By making passwords at least eight characters, you can help make the guesswork a little more difficult.

3. Avoid Checking for Adjacent Keystrokes

Even when you impose a length, users often default to the string of characters that their fingers rest on. So you see lots of passwords with "123456" or "asdfjkl;" in them. Sure, the second example does include a symbol, the semicolon, which is good. Every password should include some combination of letters, numbers and symbols, or two of the three.
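
The filter checks from items 1 to 3 (blocked words and first names, a minimum of eight characters, adjacent keystrokes, and at least two of the three character types) can be combined into one password filter. The sketch below is an added example, not from the original article; the word list, the run length of four and all function names are assumptions chosen for illustration.

```python
import re

# Constructed sample blocklist (assumption); a real filter would load a much larger list.
COMMON_WORDS = {"password", "rockstar", "welcome", "letmein"}
# Keyboard rows, the home-row resting keys, digits and the alphabet (assumed set of runs).
KEY_RUNS = ["1234567890", "qwertyuiop", "asdfghjkl;", "asdfjkl;", "zxcvbnm",
            "abcdefghijklmnopqrstuvwxyz"]
MIN_LENGTH = 8   # the article's minimum
RUN_LENGTH = 4   # assumed: how many adjacent keys in a row count as a run


def has_key_run(pw, n=RUN_LENGTH):
    """True if pw contains n adjacent keys from any run, typed forward or backward."""
    low = pw.lower()
    for row in KEY_RUNS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + n] in low for i in range(len(seq) - n + 1)):
                return True
    return False


def char_classes(pw):
    """Count how many of letters, numbers and symbols appear in pw."""
    patterns = (r"[A-Za-z]", r"\d", r"[^A-Za-z\d]")
    return sum(bool(re.search(p, pw)) for p in patterns)


def check_password(pw, first_name=""):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    blocked = set(COMMON_WORDS)
    if first_name:
        blocked.add(first_name.lower())
    if any(word in pw.lower() for word in blocked):
        problems.append("contains common word or name")
    if has_key_run(pw):
        problems.append("adjacent keystrokes")
    if char_classes(pw) < 2:
        problems.append("fewer than two character types")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, including the article's own examples.
    for candidate in ["password", "1", "123456", "asdfjkl;", "vK9$mT2!xq"]:
        print(repr(candidate), check_password(candidate) or "ok")
```

Note that "asdfjkl;" meets the length and character-type rules and is rejected only by the adjacent-keystroke check, which is why that check has to run separately.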

4. Allow Passwords to Be Managed by Random Slips of Paper

Between Post-it Notes on monitors and slips of paper hiding under the keyboard or in the top drawer, passwords are often written on whatever is close by. Yes, it even happens in the executive suite. Often, the most senior executives are the least likely to believe password rules apply to them.

5. Allow Password Sharing Among Coworkers

The fact that you can never track a data breach when multiple people use the same password should be one of the leading reasons you nip this horrid idea in the bud. Don’t worry about busting up password friendships; just don’t let them happen in your company.

6. Assign New Long, Complicated Passwords Every Month

One way to really tighten security is to issue new passwords to each user each month, preferably constructed by a random character generator set on Torture Mode. What could be more secure than l398FU48#@876lsdfo**? Almost anything, because a user will never remember that, even if by some miracle they can read it. Are those lower case L's or ones? This is why password resets are the number one help desk call.

Pity the user — they have passwords with random rules in all aspects of their personal life. Some security-challenged banks won't allow symbols; one website won't allow more than eight characters, while the next one won't allow less than eight.

While security is of the utmost importance, making password management overwhelming and burdensome to the user is just as bad as having lax management policies. It's confusing out there, so make it easier for your users to follow password policies by ensuring that they protect but don't penalize. Better password management helps us all.

About the Author

James E. Gaskin

James writes books, articles and jokes about technology from his Dallas-area home office. He also consults for those who don’t read his books and articles.