Q

Strong password policies needed for one or many offices

Although there are many tools and best practices for password policies across remote offices, it's important to remember the basics for Windows security.

How do we ensure password security across multiple offices?

That's a question that seemingly no one can find the answer to. For instance, the 2014 Verizon Data Breach Investigations Report found that the top 10 threat actions in 2013 involved people (i.e. passwords and phishing) and malware. Weak passwords are a security vulnerability that can get you into a bind very quickly.

Keeping passwords under control across multiple offices is not really all that different from keeping them under control in one office. A Windows domain helps, because it lets you enforce password policies across all locations. Here are several other things to consider:

  • People are going to take the path of least resistance with security. If you give users the option to set weak passwords, they will.
  • You need to create standards for password policies that apply to all users across all systems, applications, databases and mobile devices.
  • Management is often the most important underlying issue with weak passwords. I've seen it over and over again where IT and security teams try to do the right thing by creating stronger security policies, then users subsequently complain about all the inconvenience. Management doesn't want to hear it -- and many execs don't want strong passwords either -- so they proceed to tell IT/security to loosen up their policies. And thus the cycle of weak passwords and subsequent breaches begins.
  • You need to be testing for password vulnerabilities on a periodic and consistent basis. Good network vulnerability scanners -- such as Nexpose and LanGuard -- and Web vulnerability scanners, such as Netsparker and NTOSpider, are great for finding the not-so-obvious weaknesses.
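One way to check that a single written standard is actually enforced at every location, as an added example that is not part of the original answer: the script below compares the default password policy and any fine-grained password policies in each domain of the forest against a baseline. The baseline numbers and the helper name `Test-PasswordPolicy` are assumptions for illustration; it needs the ActiveDirectory module (RSAT) and read access to each domain.

```powershell
# Added example: audit every domain's password policy against one standard.
Import-Module ActiveDirectory

# Assumed baseline; replace with the values from your own written standard.
$Baseline = @{
    MinPasswordLength    = 12
    PasswordHistoryCount = 24
    LockoutThreshold     = 10
}

function Test-PasswordPolicy {
    param($Policy, [string]$Domain, [string]$Name)
    $findings = @()
    if ($Policy.MinPasswordLength -lt $Baseline.MinPasswordLength) {
        $findings += "MinPasswordLength=$($Policy.MinPasswordLength)"
    }
    if ($Policy.PasswordHistoryCount -lt $Baseline.PasswordHistoryCount) {
        $findings += "PasswordHistoryCount=$($Policy.PasswordHistoryCount)"
    }
    if (-not $Policy.ComplexityEnabled) {
        $findings += 'ComplexityEnabled=False'
    }
    if ($Policy.ReversibleEncryptionEnabled) {
        $findings += 'ReversibleEncryptionEnabled=True'
    }
    # A threshold of 0 means account lockout is disabled.
    if ($Policy.LockoutThreshold -eq 0 -or
        $Policy.LockoutThreshold -gt $Baseline.LockoutThreshold) {
        $findings += "LockoutThreshold=$($Policy.LockoutThreshold)"
    }
    [pscustomobject]@{
        Domain    = $Domain
        Policy    = $Name
        Compliant = ($findings.Count -eq 0)
        Findings  = ($findings -join '; ')
    }
}

$report = foreach ($domain in (Get-ADForest).Domains) {
    # Domain-wide default policy
    Test-PasswordPolicy (Get-ADDefaultDomainPasswordPolicy -Server $domain) $domain 'Default domain policy'
    # Fine-grained policies can quietly weaken the default for specific groups
    Get-ADFineGrainedPasswordPolicy -Filter * -Server $domain | ForEach-Object {
        Test-PasswordPolicy $_ $domain "Fine-grained: $($_.Name)"
    }
}

$report | Sort-Object Compliant, Domain | Format-Table -AutoSize -Wrap
```

Run on a schedule, the non-compliant rows show where a policy was loosened for one office or group after the standard was set.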

Some say that passwords are old-fashioned and that we shouldn't even be using them. The reality is that getting rid of passwords as a security mechanism is like trying to put toothpaste back in the tube -- they're here to stay, at least for the foreseeable future. Whether you have one office or several, work out now how to set reasonable password policies for IT and desktop security.


This was first published in July 2014
