Password Management a Must for MSPs

Everybody hates passwords. And the more complicated they become, the more users grow to despise them, so it’s no wonder password practices tend to be pretty shoddy. That helps explain why so many security breaches involve bad passwords.

Remember the scandalous Sony breach? Not only had Sony been warned about the use of weak passwords, but the electronics and entertainment giant also stored user passwords in a file conveniently named “Password.” The file, which was hacked, contained employees’ personal data such as Social Security numbers.

Eighteen months after the Sony debacle, a new report from Verizon reveals “63% of confirmed data breaches involved weak, default or stolen passwords.” It is one of the findings in the 2016 Data Breach Investigations Report (DBIR), an annual security report published by Verizon.

Either we’ve learned nothing or users and administrators are just lazy. Whichever the case, the Verizon report reminds us that proper password management is essential to good security. Sure, passwords are inconvenient, but here’s what’s even more inconvenient: a major breach exposing employee human resources and medical records, customer data and intellectual property.

Work with Clients

MSPs need to work with clients on password management. As with most aspects of IT security, the solution involves technology and user training. User behavior, be it malice or just plain negligence, is responsible for most security breaches, so you can’t just throw technology at the problem.

Users must be conditioned, for instance, not to open suspicious emails that may be phishing attempts, and taught not to share passwords. As a recent IT Governance blog points out: “After all, even the strongest password, if it becomes widely known, offers no barrier to access. If you share your information or reuse the same credentials to sign into numerous accounts, a single data breach will jeopardize the security of all of them.”

It takes one “lazy user,” as the blog’s author puts it, to cause a massive corporate data breach. So addressing user behavior in relation to passwords, and security in general, is paramount.

Management Solutions

Beyond user training, MSPs should be adding identity management and single sign-on (SSO) solutions to their offerings. Users hate passwords not just because passwords are complicated but also because people are required to remember too many of them. Who can remember 20 passwords, for crying out loud? Yet, that’s pretty much the average.

That’s why SSO and identity management solutions that require users to memorize a single password are very attractive. To further strengthen authentication procedures, MSPs should also offer two-factor authentication solutions to clients so that passwords are backed by a second authentication method when users log on to assets containing sensitive data.

Passwords may be a pain, but the potential consequences of shoddy password management can hurt even more. It’s up to you to make sure your customers understand this.

Pedro Pereira

Pedro Pereira is a Massachusetts-based writer who has covered the IT channel for two decades. Recognized as one of the first journalists to cover managed services, Pedro continues to track, analyze and report on the IT channel and the growing MSP partner community. He can be reached at pedrocolumn@gmail.com.