Data Loss Prevention: Securing your sensitive data
Learn how you can secure sensitive corporate data with the help of Hexnode.
Get fresh insights, pro tips, and thought starters–only the best of posts for you.
May 29, 2020
12 min read
Password policy is a set of rules designed to enforce strong passwords and secure practices around their usage in an organization. These rules may include minimum password length, complexity requirements, special characters, etc.
Password policies work towards improving the safety of corporate data stored within the devices, systems, and networks coming under the purview of the enterprise.
Many organizations lack the appropriate security measures required for today’s cyber landscape. You might think your organization or your employees would be more conscious when it comes to password creation. But if you look at the most popular passwords of 2020 you could see that passwords such as 12345678, qwerty, 12341234, etc. top the chart. So, a chink in the armor is highly likely to happen. These can be mitigated with the help of an airtight password policy.
In this blog, we’ll be looking at a few best practices to follow to create an effective password policy and how these practices can be applied to your organization with the help of Hexnode MDM.
This is the bread and butter of any password policy. With the help of these fundamentals, you can build a password policy that could protect the devices, networks, and systems that come within your organization.
A rule can be set on how often employees are allowed to use old passwords. This can reduce the chances of employees using previously used passwords. It would be best to enforce a password history policy that determines an employee’s number of unique passwords before they try to reuse an old one. The employee should enter a minimum of at least 3-5 unique passwords.
The admin and the IT team have to set an expiry date for the passwords used by the employees on their work devices. The passwords on such devices need to updated regularly so as to improve the security posture of your organization. Set a password age so that this is possible and employees can update their passwords on their own volition.
Complex passwords are hard to guess and therefore, are harder to crack. A solid complex password should be of at least six characters, it should also not contain any user name elements (such as their first name) and should use several types of characters — lower case and upper case, numbers, and symbols such as! * + etc. Set password complexity requirements in your password policy to make sure that employees adhere to the complexity standards are creating strong passwords.
Password length also plays a major role in determining the strength of a password. As such being the case, defining the total length of the password is crucial for organizations that should ideally include 12 characters but can be up to 16 to add to its complexity and security.
Include the account lockout policy which determines the amount of time the device will remain locked out after a certain number of invalid password entries. You can select the ideal lock-out period that should be initiated after the maximum number of erroneous password attempts has been made.
Now, since we have an idea regarding the best practices to be followed while preparing a password policy, let’s see how we can put these tips into action using Hexnode MDM.
Sign up with Hexnode MDM to seamlessly enforce security standards in your organization.
Set up an airtight password policy.
Sign up with Hexnode MDM to seamlessly enforce security standards in your organization.Sign up!
Hexnode allows the admin to configure the password rules to be maintained by the end-users. These rules define the complexity and strength of the password which in turn increases the safety of the device.
These rules are pushed to specific devices as policies through the Hexnode MDM console using the following path.
The IT admin can also check the password compliance of each device through Hexnode’s portal. This way the admin can initiate further actions if necessary. The compliance depends upon the restrictions which are stipulated below.
The following are the restrictions which the admin can use in these policies across multiple platforms
When pushing a passcode policy to an iOS device, the employee is required to set up a device passcode specific to the set passcode rules. Specifically, for iOS devices, these are the different scenarios that might happen while setting up a password policy.
For macOS devices, the configurations or rules can be set up directly.
These are the configurations or rules for iOS and macOS devices.
While setting up a password policy for Android, when you select the password option, you would be given two choices. These choices are device password and work profile password. The device password, as the name suggests applies to the device as a whole. It locks the entire device and any configurations or rules set would apply to the device as a whole. Work profile password deals with the Android work profile, the separate work container that can be created inside an android, which separates work data from personal data. This is a separate, encrypted work container so any password policy pushed via work profile password would only apply to this container.
The following are the configurations available to both android and android work profile.
Hexnode MDM facilitates strict password policy compliance on users of Windows devices, thereby preventing unauthorized access to the device.
Since you are now all set an airtight password policy, now we should look into a scenario where the employee might not available to unlock the device for you. They might have left the organization and they forgot to give you the password they set. You can remotely reset the password in Android and iOS devices in such cases.
Beyond what Hexnode MDM can provide you as an IT manager could instill some knowledge among the users so that the password policy is successful from inside out.
The IT department should make sure that the employees are well aware of the importance of a strong password. According to Verizon’s Data Breach Investigations Report 2016, about 80% of Hacking attempts occur due to stolen, default, or weak credentials. You can curb this issue to an extent by providing employees with relevant knowledge regarding a strong password. The IT department should take it up as their responsibility to explain the various issues or losses that could be faced by the company if such a breach happens. The employees should be made aware of all the risks, common or complex, caused due to lax password security.
Strong password creation should be taken up as a part of cyber-security enhancement and the IT department should be able to help the employees to set up a strong password, if necessary. The IT department can utilize the best practices which are mentioned above to give the employees and idea about a strong password. Various tenants of a strong password like its length, number of complex characters, password history, etc. should be explained to them is need be.
A strong password policy is an absolute necessity in today’s cyber world. It often overlooked by many organizations and they have paid for it dearly. Do not make that same mistake. Always remember, data that is work keeping, is worth protecting.