Password Policy Best Practices
Improve Security at Your Business in 2021
All businesses in today’s world should be mindful of their digital security practices. As the administrator or IT expert, you can easily implement some best practices to secure your data and make sure that your business is protected.
But online security doesn’t need to be complicated or out of reach. It starts with something as simple as a secure password policy at work.
Best Practices for Password Security
Here are the best practices that businesses around the world use to protect their data and keep their passwords secure.
Create Strong Passwords
A good password is so much more than something easy to remember.
In fact, the best passwords are not easy or intuitive to remember at all.
When creating a new password, whether for the first time on a new account or when updating an existing account, you should think carefully about the words and characters that you choose.
A strong password often includes:
- Uppercase letters
- Lowercase letters
- Special characters
As the administrator, you can require that all passwords within your company's Google Workspace setup use a combination of these characters.
It is also important to share these guidelines (and why these guidelines are a requirement) with your employees so that they understand and adhere to password requirements.
The biggest vulnerability when it comes to passwords is human error; the more your employees know, the better equipped they will be to create a strong password and adhere to the password policy best practices you put into place at your organizastion.
Good vs Bad Passwords
It should be a no brainer, but passwords should not include easily guessed words or phrases. While it may be tempting to use the word “password,” since it will be easy to remember, it also makes it easy for malicious users to guess. The same goes for words like the company name, the user’s name, or another easy to guess phrase.
Good passwords do not use characters that are adjacent to each other on a standard QWERTY keyboard. An example of this kind of password would be “Fluffy1234.” Instead, choose numbers and characters that are located around the keyboard, such as “Fluffy1836.”
Be careful not to use your birthday, anniversary, or graduation year--all dates that are easy to find out using social media and public records.
Longer passwords tend to be more secure than shorter passwords, but only if they are made with the other password security best practices in mind.
It is generally recommended and considered a password policy best practice to set an eight character minimum on passwords. The longer the password, the more possible combinations a malicious user will have to guess before they land on the right one.
With password cracking software available to try random combinations at lightning speed, you should try to make it as difficult as possible for them to find your password among the millions of possibilities.
Protecting Your Password
Once you create the perfect password, your work is not done.
You should update that password every few months - we recommend 6 months at a minimum (but more frequently is better). Make sure to guide your employees to create strong but unique passwords each time. This means that when they update their password, they should not just change one character or number. They should generate a completely new password that is independent of any they have used previously.
Another password policy best practice is to avoid using the same password for multiple logins. Stress to your employees that their password at work must be unique and in no way related to what they use for any and all personal accounts they have.
Once one password is compromised, it’s only a matter of time until the rest of your accounts are as well. This is why it is particularly important to keep your work accounts and personal accounts separate and protected. Ideally, employees will be following password security best practices at home, too. But just in case they are not, you want to keep their work accounts as secure as possible.
Don´t Write it Down
One of the easiest best practices is to encourage employees not to write down or store their password at their workstation. It can be very convenient to have your password right next to the computer where you use it, but it also makes it easy for anyone else to use it as well.
If anyone who sits at your desk can log in using your password, it isn’t actually offering any level of security.
If you want more than a single password, consider using two-factor authentication, something we recommend. Two-Factor Authentication (2FA for short) requires all users to enter a password and confirm their identity using another independent source, such as a mobile device or a separate email account.
Requiring two-factor authentication is one of the best things you can do as an administrator to enforce password security and keep your company's data and customer data secure.
Google Workspace Security
As the administrator for your company’s online Google Workspace collaboration, setting up policies and procedures to keep password security high is easy.
There are a few tools that you can start using today, as well as a few more advanced options available through a Google Cloud Premier Partner (like Suitebriar).
Basic Google Workspace Password Security
Google Workspace administrators can set up many security protocols and put those in place for their users. One of the best options available applies to passwords, but protects documents, files, and other data stored within the Workspace.
It's simple, fast, and easy to require all users to log into their Google Workspace accounts using multi-factor authentication.
This means that they will enter a password, just like most other accounts. But they will then be prompted to further confirm their identity using a method that they established when they first created their account. Options include entering a randomly generated PIN, which is sent to their mobile device number or separate email address on file. As the administrator, you can require this step for all users, and we strongly recommend doing so.
Administrators can also add and issue security keys.
These physical keys are inserted into the user’s computer to physically verify that they have access to the account that they are trying to log into at that time. The user is required to have physical custody of the security key at their machine, just like a key unlocks a door to their home.
Concierge Security in Google Workspace
While many of the security features available in Google Workspace are easy to use, it can take some time to fully implement everything available. That’s where a Google Cloud Premier Partner, like Suitebriar, can be so helpful.
Some of the key ways that working with a Google Cloud Premier Partner can set your business apart include:
- Change management: The period of implementing and making a change to password practices is the absolute best time to enlist the help of a professional Google Cloud Premier Partner to make sure the implementation goes smoothly.
- Employee education: An informed employee is a security-focused employee. Google Cloud Premier Partners can assist to develop and provide cybersecurity training for your workforce.
- Customer Support: Having an issue? A Google Cloud Premier Partner can help resolve your problem. If it is something larger, they have priority access to Google support and can help bring the issue up further.
- Custom Google Cloud Design: A Google Cloud Premier Partner can help you lay out your ideal Google Workspace, whether you are at the beginning or have already been using online tools for awhile. This can be especially helpful for those looking to migrate their company’s data and resources over to a Google Workspace from another platform.
Google Cloud Premier Partners can help businesses of all sizes and types take advantage of the amazing features in Google Workspace. Most importantly, they can help you implement password policy best practices to keep your company’s important information private and secure, and protect any and all customer data.
We've all seen how data leaks and hacks can permanently damage a company's reputation. Take the steps you can now to safeguard your company from that toxic PR.
Whether it is creating a password protection plan or educating your employees as you learn to use Google Workspace, working with an expert will ensure your accounts remain secure from the very beginning.
If you want to take advantage of the security features of Google Workspace but aren’t sure where to start, work with a Google Cloud Premier Partner to get access to and implement the full range of security protocols just waiting to be utilized in your Google Workspace.
If you'd like a professional checkup, you can request a free Google Workspace security audit by clicking the link below.