Guide to managing passwords in the enterprise (updated)

Guide to managing passwords in the enterprise

Managing passwords in the enterprise takes real effort on the part of IT administrators. Password policies must be created to stave off password management nightmares. Users need to be educated about proper password etiquette to ensure the security of their desktops, smartphones, Web-based accounts and other places where sensitive information may live.

Check out our tips and advice on how to best monitor passwords in your enterprise and prevent attacks that take advantage of weak, forgotten or lost passwords.

Table of contents:

Managing passwords in the enterprise

Manage multiple passwords in Windows
Think of all the systems you have to remember passwords for: Windows, email, social networking sites, business websites and so on. Undoubtedly, there are quite a few, and you're ideally not using the same password for every account. So how can you monitor passwords in your environment to prevent exposure? Start by establishing password policies, and consider adding another layer of security, such as hard drive encryption.

Windows 7 doesn't end the need to monitor passwords
When passwords are cracked in Windows 7, more information is at risk than you might think. Thinking carefully about how to safeguard your passwords could mean the difference between keeping data safe and a suffering from a breach. Microsoft BitLocker or other third-party encryption software can encrypt your whole drive. Perform desktop audits to find out what sensitive data is stored locally, and disable password autocomplete to help monitor passwords.

Windows password management myths
Your passwords are between six and eight characters long -- consisting of numbers, special characters, and uppercase and lowercase letters -- so they're unbreakable, right? Think again. Such passwords can be easily guessed, but passwords shouldn't just be assigned to users either. Consider these and other password management myths that have been debunked for your security-seeking pleasure.

Should you eliminate passwords in your enterprise?
Users who choose weak passwords may as well choose to use no password at all. Strong passwords, while useful in increasing security, are a pain to remember when users have so many that change every 30 to 90 days. There are, however, alternatives to passwords, such as authentication tokens, which require both a personal identification number and the physical token.

Building secure passwords

Bolstering enterprise password strength
Whether you're using passwords by themselves or coupling them with other security measures, password strength is important in ensuring safety. Some key things to keep in mind when managing passwords are setting expiration dates, not allowing repetition and always using at least eight characters. Long phrases can work as mnemonic devices to increase security.

Build secure computer password policies
Effectively managing passwords begins with a strong password policy. If your organization doesn't have one, you're already behind the eight ball because creating a policy for users is a great step to ensure enterprise security. Recommend that employees use passphrases, whose complexity poses a greater challenge for would-be attackers.

Balancing Windows security with reasonable password policies
A weak password is the most common culprit in security breaches. Microsoft Active Directory allows IT admins to control all Windows-related passwords in one neat place. Aside from Active Directory, organizations should have clear password policies laid out for users. A policy should include advice on building strong passwords and a reminder not to use the same password for everything.

Password best practices

Enterprise password protection checklist
It's never a bad idea to use a password protection checklist when managing passwords in the enterprise. First, get to know your enemy: Figure out how intruders infiltrate your systems so you can better combat them. Next, learn how to create secure passwords that follow your guidelines. Enforce your policy, frequently audit users' passwords, and educate your users about password safety.

Nine common password oversights to avoid
Knowing what not to do is just as important as knowing what to do. When it comes to managing passwords, don't just focus on your operating systems -- remember to secure your smartphones, firewalls and Wi-Fi networks as well. Also, don't assume that your old password policies are good enough. Update them regularly to be sure you're doing everything you can to secure your environment.

Secure your Windows systems with proper password practices
IT admins should aim for simple, clear-cut password policies that users will be able to comprehend quickly and apply to their passwords. Provide examples of strong passwords -- such as a passphrase or one with special characters and numbers -- and insist that employees follow these rules. Having a policy in place is useless unless your users know to follow it.

What place do biometric passwords have in enterprise security?
Passwords are the typical security precaution, and they're often users' only line of defense. But more and more, enterprises are starting to make use of biometric passwords -- for instance, with fingerprints and retina readers. Biometrics should never be used to replace standard passwords but instead be an extra layer of security.

Cracking desktop passwords

How to crack a password
By understanding how to crack a password, IT admins can better monitor passwords. Most password-cracking methods fall into four categories: brute force, dictionary, decryption and circumvention. Brute force involves a lot of guessing until the attacker gets it right. Dictionary attacks -- choosing random words from a dictionary -- have become archaic nowadays. Decryption requires a tool to uncover an encrypted password, and circumvention entails working around the password that's already in place.

Cracking passwords in Windows 7
The Windows 7 operating system is no more secure than its predecessors. Windows 7 passwords are still vulnerable to intruders trying to crack them with a myriad of tools, including Ophcrack, Elcomsoft System Recovery and John the Ripper. Be aware of these and other tools when managing passwords in your enterprise.