Increasing Password Awareness and Security for your Users

Securing your users and system resources is a never-ending battle, and as thefts of user credentials become more common, admins must get more creative in protecting that data.

Richard Hay, Senior Content Producer

May 26, 2016


I am sure all of you administrators out there take every possible step to protect the integrity of your company and user data by implementing solid security policies and practices.

We live in a world where we hear about a security breach or a leak of user credentials far too regularly, so there is always room for improvement.

One area that is a constant point of contention is user/system passwords.

While I was browsing my RSS feeds this week, I came across a blog post from Microsoft's Active Directory Team that shared some great insights into password best practices. In it, they talk about how a couple of Microsoft services, Azure Active Directory and Microsoft Accounts, approach protecting access to those accounts.

However, before they go into those details, they point to a recent whitepaper written by Robyn Hicock, one of their Program Managers, that provides research and suggestions for improving password security. You can download the 19-page (PDF, 1MB) whitepaper from the Microsoft Research website.

A quick snapshot of the advice she gives IT admins includes these suggestions:

  • Maintain an 8-character minimum length requirement (and longer is not necessarily better).

  • Eliminate character-composition requirements.

  • Eliminate mandatory periodic password resets for user accounts.

  • Ban common passwords, to keep the most vulnerable passwords out of your system.

  • Educate your users not to re-use their password for non-work-related purposes.

  • Enforce registration for multi-factor authentication.

  • Enable risk-based multi-factor authentication challenges.

Now, some of those recommendations really go against the grain of what we have been told for quite a while, but once you read the whitepaper I think things will become much clearer.
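As an added illustration (not code from the whitepaper or from Microsoft), here is a minimal password-change check that applies three of the suggestions above: the 8-character minimum, no character-composition rules, and a banned list of common passwords. The banned list is a small constructed sample, and the normalization step (case folding, stripping trailing digits and symbols, undoing look-alike substitutions) is an assumption of this example rather than something the whitepaper prescribes.

```python
import unicodedata

MIN_LENGTH = 8  # the minimum from the advice list; nothing longer is demanded

# Constructed sample; a real deployment would load a much larger list.
BANNED = {"password", "qwerty", "letmein", "welcome", "linkedin", "12345678"}

# Assumed normalization: common look-alike substitutions folded back to letters.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def normalize(password: str) -> str:
    """Reduce a candidate to the base word a guesser would try first."""
    text = unicodedata.normalize("NFKC", password).casefold()
    # Drop digits/symbols appended to satisfy old composition rules ("Password1!").
    core = text.rstrip("0123456789!@#$%^&*?._-")
    return core.translate(LEET)


def check_new_password(password: str, banned=BANNED) -> list[str]:
    """Return the reasons a new password is rejected (empty list = accepted)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    # Deliberately no upper/lower/digit/symbol checks: composition rules are eliminated.
    candidates = {password.casefold(), normalize(password)}
    if candidates & banned:
        reasons.append("matches a banned common password")
    return reasons
```

Note that `P@ssw0rd1!` would pass a classic composition rule yet is rejected here, while an all-lowercase phrase such as `quiet river bends` is accepted.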

Her work also includes info for your users to help improve their security posture when it comes to their accounts and hardware.

Be sure to visit and read the entire "117M leaked creds (from LinkedIn?). New best practices + #AzureAD and MSA can help" blog post and the whitepaper.

I suspect it will give you and your team a lot to discuss.

But wait... there's probably more, so be sure to follow me on Twitter and Google+.


