The idea of passwords goes back long before computers, back to when you had to prove you were a friend by giving the secret word to get by the guard. Much later, it provided a way to prove you were a friendly actor and were allowed onto a computer system.
The trouble with passwords, as we all know all too well, is that people aren’t all that good at creating them, and hackers are excellent at guessing or stealing them. That leaves a big problem for MSPs, who are charged with keeping their client’s systems secure.
People are bad at creating passwords, while hackers are great at stealing them, which creates problems for #MSPs trying to protect their clients’ systems. #PasswordManagement
Not a week goes by without some sort of major hack where a large cache of passwords gets leaked. If it ended there, it wouldn’t be so bad. As we know, people tend to use the same password across systems, so if hackers get a password from System A, they can use it to get into System B too.
Problems meet solutions
Identity protection company 4iQ conducted a survey in 2018 of over 1000 adults in the US that revealed 79 percent of respondents believed their passwords were weak, and 38 percent reused passwords on different systems.
The question becomes how do you deal with this? While you may believe that the time has come to find a new way to protect our systems, at the very least as MSPs you can begin to take control in some significant ways.
First of all, start with a password manager like LastPass or Zoho Vault. These tools create a secure, hard-to-guess passwords for the user and stores it securely for them. This will remove the burden from users of creating a strong password. You will no longer have to worry about users writing down their passwords, something other surveys have shown people tend to do too.
The next step is to add multi-factor authentication, or a second step beyond just entering a password. There are a number of ways to do this, including sending a text to your mobile phone with a code you have to enter to continue. A better solution is using a tool like Duo, which sends a notification to your mobile phone. If you made the request, you approve it. If someone else is trying to get onto your system, you deny it. It’s simple and effective.
The beauty of both of these approaches is that takes much of the burden for password creation and security out of the hands of the end user. Employees should not be personally responsible for securing your systems.
As an MSP, when you put tools like these in place, you help remove a lot of the complexity associated with creating, managing, and remembering passwords. While there isn’t a system that is perfect, these solutions will go a long way toward creating strong passwords and protecting access to your client’s systems.
Photo: Ilija Erceg / Shutterstock