Must-Read for IT Managers! How to Strengthen Password Management in Your Company
Are you leaving password management up to individual employees? Many
cyberattacks start by exploiting weaknesses in password practices—often due to
human error or poor internal management. If your company’s password policies are
too lax, a single compromised account could lead to a major data breach. In this
article, we’ll break down five key strategies IT professionals should implement
to strengthen internal password management. From realistic policy setting based
on the latest NIST guidelines, to effective tool usage and employee education,
we’ll cover practical steps you can take to protect your organization.
Why Is Password Management Important?
Many corporate security risks stem from poorly managed passwords. Weak or reused
passwords often become targets for cyberattacks. Phishing attacks and credential
leaks are increasing, leading to unauthorized access that can cause significant
damage to businesses.
Five Key Points to Strengthen Password Management
1. Establish and Enforce a Password Policy
To maintain password strength while minimizing user frustration, consider
adopting the following rules based on recommendations from NIST (National
Institute of Standards and Technology):
- Minimum password length of 8 characters (using 15 characters or more in a passphrase format is highly recommended)
- Mixing uppercase, lowercase, numbers, and symbols is optional (length is more important than complexity)
- Regular password changes are not required (unless there’s evidence of compromise)
- Disallow the use of known leaked passwords (compare against breach databases where possible)
- Avoid reusing passwords across multiple systems (especially for work-related accounts)
NIST’s latest guidelines emphasize length over complexity and maintaining
secure passwords over enforcing periodic changes. Forcing regular updates
often leads to predictable patterns (e.g., Spring2024! → Summer2024!), which can
weaken security rather than enhance it.
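The policy above can be enforced mechanically at the point where a user sets a password. The following is an added illustration, not code from eSolia or NIST: it enforces the length rule, deliberately does not require character-class mixing, and rejects candidates found in a breach corpus. The corpus here is a small constructed set stored as SHA-1 digests (the form in which public breach lists are usually distributed); in production you would compare against a real breach database as the policy recommends.

```python
import hashlib
from dataclasses import dataclass, field

MIN_LENGTH = 8          # enforced minimum from the policy
RECOMMENDED_LENGTH = 15 # passphrase length the policy recommends

# Constructed sample of a breached-password corpus, kept as SHA-1 hex digests so
# the checker never stores the plaintexts. Includes the seasonal-rotation
# pattern the article warns about.
LEAKED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
    for p in ("password", "Spring2024!", "Summer2024!", "qwerty123")
}


@dataclass
class PolicyResult:
    accepted: bool
    reasons: list = field(default_factory=list)  # why it was rejected
    advice: list = field(default_factory=list)   # accepted, but could be better


def check_password(candidate: str) -> PolicyResult:
    """Evaluate a candidate password against the NIST-style policy."""
    result = PolicyResult(accepted=True)

    # Length is enforced; note there is no uppercase/digit/symbol requirement.
    if len(candidate) < MIN_LENGTH:
        result.accepted = False
        result.reasons.append(f"shorter than {MIN_LENGTH} characters")
    elif len(candidate) < RECOMMENDED_LENGTH:
        result.advice.append(
            f"a passphrase of {RECOMMENDED_LENGTH}+ characters is recommended"
        )

    # Breach check: hash the candidate and look it up in the corpus.
    digest = hashlib.sha1(candidate.encode("utf-8")).hexdigest().upper()
    if digest in LEAKED_SHA1:
        result.accepted = False
        result.reasons.append("appears in a known breach corpus")

    return result


if __name__ == "__main__":
    for pw in ("Spring2024!", "correct horse battery staple"):
        r = check_password(pw)
        print(pw, "->", "accepted" if r.accepted else "rejected", r.reasons, r.advice)
```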
2. Implement Multi-Factor Authentication (MFA)
MFA significantly reduces the risk of unauthorized access, even if a password is
compromised. Consider using:
- One-time passwords (OTP)
- Authentication apps (such as Microsoft or Google Authenticator)
- Hardware tokens
3. Utilize a Password Manager
Password managers such as Zetetic Codebook (eSolia’s choice) or 1Password help
employees generate and store strong passwords securely in an encrypted database
application. Benefits include:
- Automatic generation and secure storage of strong passwords
- Preventing password reuse
- Checking if your passwords were leaked in a security breach
- Ease of entering your passwords when requested
4. Strengthen Access Control
Apply the Principle of Least Privilege (PoLP) by granting only the access rights
each role needs, and consider “Just in Time” (JIT) access allocation solutions
such as Microsoft 365 PIM (Privileged Identity Management), which grant elevated
rights only for a limited period when they are actually required. Additionally:
- Regularly review access permissions
- Properly manage accounts of former or transferred employees
5. Employee Education and Regular Security Training
Password security is not just an IT issue; all employees should understand its
importance. Conduct training on:
- Identifying phishing emails
- Raising awareness of security best practices
- Simulated attacks to test employees’ responses
At eSolia, in addition to taking part in security training, all employees create
a monthly quiz based on articles from the magazine Nikkei Network, covering a
wide range of IT and security topics. These quizzes are then delivered daily
through TMC, our attendance and work tracking app, in a True/False format. This
unique initiative helps reinforce both security awareness and overall IT
knowledge as part of our everyday workflow.
Conclusion
Strengthening password management is a fundamental part of corporate
cybersecurity. IT managers and decision-makers must lead efforts in setting
policies, implementing security tools, and educating employees. Start by
assessing your company’s current password management practices and take steps to
enhance security today!
At eSolia Inc, we provide reliable IT support services for businesses as an
outsourced IT department. If you’re considering IT outsourcing, feel free to
contact us for more information.