{"id":5086,"date":"2019-04-26T23:23:13","date_gmt":"2019-04-26T22:23:13","guid":{"rendered":"https:\/\/www.n-able.com\/?p=5086"},"modified":"2021-03-31T23:26:34","modified_gmt":"2021-03-31T22:26:34","slug":"how-to-build-password-policies-for-your-customers","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers","title":{"rendered":"How to Build Password Policies for Your Customers"},"content":{"rendered":"<p>Building your customer password policy can be tricky because it needs to balance security and convenience. Too much convenience, and you lose security. Too strict, and no one will use it.<\/p>\n<p>As a managed service provider (MSP), how do you create password policies that work for everyone? First, let\u2019s look at some key elements that go into creating a comprehensive policy.<\/p>\n<h3><strong>1\/ Password complexity<\/strong><\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" id=\"\" class=\"img-responsive\" title=\"\" src=\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/11\/passwords3_blog.jpg\" alt=\"passwords3_blog.jpg\" width=\"413\" height=\"204\" align=\"right\" hspace=\"5\" data-entity-type=\"\" data-entity-uuid=\"\" \/>There are several aspects you need to think about when looking at password complexity; here are some common factors to consider:<\/p>\n<ul>\n<li>Character sets\u2014A good rule of thumb is passwords should contain at least three of the four types of characters: upper case, lower case, numbers, and symbols.<\/li>\n<li>Password length\u2014Passwords should be a minimum of eight characters long but preferably closer to 15.\u00a0You can use\u00a0<a class=\"ext\" href=\"https:\/\/en.wikipedia.org\/wiki\/Passphrase\" target=\"_blank\" rel=\"noopener noreferrer\">passphrases<\/a>\u00a0to make long passwords easier to remember.<\/li>\n<li>Forbidden words\u2014Passwords should never contain parts of the username\/login, name of the service, or personal information, like date of birth or ID numbers. Also, never use the same password across different devices, such as the same password on routers and server access. And the big one for all users: Always create unique passwords; never use the same one as you have for applications like Facebook or LinkedIn, for example.<\/li>\n<\/ul>\n<h3>2\/ Password changes<\/h3>\n<p>What happens when it\u2019s time to change passwords? You need to carefully consider how often those changes need to be made. Here are some things to think about:<\/p>\n<ul>\n<li>Password history\u2014Do not reuse old passwords. Do not create \u201cnew\u201d passwords by simply changing one character.<\/li>\n<li>Forced password resets\u2014Traditional password reset models dictated passwords should be changed at least every 180 days, ideally every 90 days. However, advice and guidance on this is starting to change, as\u00a0<a class=\"ext\" href=\"https:\/\/www.sans.org\/security-awareness-training\/blog\/time-password-expiration-die\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a>\u00a0from the SANS institute explains.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" id=\"\" class=\"img-responsive\" title=\"\" src=\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/11\/Passwords1_blog.jpg\" alt=\"Passwords1_blog.jpg\" width=\"407\" height=\"201\" align=\"left\" hspace=\"5\" data-entity-type=\"\" data-entity-uuid=\"\" \/>Each of the elements above offers something different in creating secure passwords.\u00a0Complexity creates passwords that are harder to brute force attack or guess.\u00a0Not using the same password across different logins helps protect all your accounts in the event one is breached. Forced password resets help protect against undiscovered breaches\u2014by changing your passwords periodically, you increase your chances of having a different password when a malicious actor gets around to using one extracted from a breach.\u00a0Also remember, as a company\u2019s MSP, it is your responsibility to periodically change administrative passwords for devices and services.<\/p>\n<h3><b>The role of two-factor authentication<\/b><\/h3>\n<p>In addition, users need to utilize two-factor authentication (2FA) everywhere it is available\u2014it is not available everywhere yet, but it is becoming much more prevalent\u2014and most popular online services allow it as an option.\u00a0It works by combining something you know and something you have (usually your phone) to create a more secure login. At the time of writing, it is probably one of the best available combinations of high security and ease of use.<\/p>\n<h3><b>Communicating your password policy<\/b><\/h3>\n<p>For MSPs, the most important part of a password policy is how it is communicated to customers. Firstly, it must be written down and readily available for reference when setting up new accounts. Some MSPs even go to the extent of adding their password policy to their contracts, so if the policy is not followed, the work to remediate any issue related to password breaches becomes billable.<\/p>\n<h3><b>Mitigating human error<\/b><\/h3>\n<p>Since human behavior and error are responsible for a substantial portion of breaches today\u2014the\u00a0<a class=\"ext\" href=\"https:\/\/securityintelligence.com\/series\/ponemon-institute-cost-of-a-data-breach-2018\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ponemon Institute Cost of Data Breach Study 2018<\/a>\u00a0found that 27% of data breaches were caused by human error\u2014it is highly important to educate end users on the importance of secure passwords. You can only enforce policy so much, most of the time you must rely on users making good judgement when creating and maintaining passwords.<\/p>\n<p>To help this process along, many MSPs hold periodic training for their customers in order to reinforce proper security guidelines and educate on new threats. These training sessions can count as billable time or, for a fully managed plan, can be included as part of their monthly fee. The overall benefits to the MSP are less security issues and a closer relationship, not only with the customer\u2019s main contact, but with their end users as well.<\/p>\n<p>Security is of paramount importance today, and passwords are the gateway to\u00a0much of the information and services that represent prime targets for malicious activity. Enforcing a solid password policy and educating your customers on proper passwords are two key pieces of the security puzzle\u2014and very often, the hardest to put into place. Using the right balance of security and usability will help you create the right password policy for your customers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Passwords form one of the most important barriers to data breach. Eric Anthony looks at how to create a strong password policy for your customers.<\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-5086","post","type-post","status-publish","format-standard","hentry","topic-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>How to Build Password Policies for Your Customers - N-able<\/title>\n<meta name=\"description\" content=\"Passwords form one of the most important barriers to data breach. Eric Anthony looks at how to create a strong password policy for your customers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Build Password Policies for Your Customers - N-able\" \/>\n<meta property=\"og:description\" content=\"Passwords form one of the most important barriers to data breach. Eric Anthony looks at how to create a strong password policy for your customers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2019-04-26T22:23:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-03-31T22:26:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/11\/passwords3_blog.jpg\" \/>\n<meta name=\"author\" content=\"N-able\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"N-able\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers\"},\"author\":{\"name\":\"N-able\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b\"},\"headline\":\"How to Build Password Policies for Your Customers\",\"datePublished\":\"2019-04-26T23:23:13+01:00\",\"dateModified\":\"2021-03-31T22:26:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers\"},\"wordCount\":776,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/11\/passwords3_blog.jpg\",\"articleSection\":[\"Security\"],\"inLanguage\":\"it-IT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers\",\"url\":\"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers\",\"name\":\"How to Build Password Policies for Your Customers - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/11\/passwords3_blog.jpg\",\"datePublished\":\"2019-04-26T23:23:13+01:00\",\"dateModified\":\"2021-03-31T22:26:34+00:00\",\"description\":\"Passwords form one of the most important barriers to data breach. Eric Anthony looks at how to create a strong password policy for your customers.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers#primaryimage\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/11\/passwords3_blog.jpg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/11\/passwords3_blog.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Security\",\"item\":\"https:\/\/www.n-able.com\/it\/blog\/category\/security\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Build Password Policies for Your Customers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/it\/#website\",\"url\":\"https:\/\/www.n-able.com\/it\/\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b\",\"name\":\"N-able\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"caption\":\"N-able\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How to Build Password Policies for Your Customers - N-able","description":"Passwords form one of the most important barriers to data breach. Eric Anthony looks at how to create a strong password policy for your customers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers","og_locale":"it_IT","og_type":"article","og_title":"How to Build Password Policies for Your Customers - N-able","og_description":"Passwords form one of the most important barriers to data breach. Eric Anthony looks at how to create a strong password policy for your customers.","og_url":"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2019-04-26T22:23:13+00:00","article_modified_time":"2021-03-31T22:26:34+00:00","og_image":[{"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/11\/passwords3_blog.jpg","type":"","width":"","height":""}],"author":"N-able","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Scritto da":"N-able","Tempo di lettura stimato":"4 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers"},"author":{"name":"N-able","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b"},"headline":"How to Build Password Policies for Your Customers","datePublished":"2019-04-26T23:23:13+01:00","dateModified":"2021-03-31T22:26:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers"},"wordCount":776,"publisher":{"@id":"https:\/\/www.n-able.com\/it\/#organization"},"image":{"@id":"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers#primaryimage"},"thumbnailUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/11\/passwords3_blog.jpg","articleSection":["Security"],"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers","url":"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers","name":"How to Build Password Policies for Your Customers - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers#primaryimage"},"image":{"@id":"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers#primaryimage"},"thumbnailUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/11\/passwords3_blog.jpg","datePublished":"2019-04-26T23:23:13+01:00","dateModified":"2021-03-31T22:26:34+00:00","description":"Passwords form one of the most important barriers to data breach. Eric Anthony looks at how to create a strong password policy for your customers.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers#primaryimage","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/11\/passwords3_blog.jpg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/11\/passwords3_blog.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/it\/blog\/how-to-build-password-policies-for-your-customers#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security","item":"https:\/\/www.n-able.com\/it\/blog\/category\/security"},{"@type":"ListItem","position":2,"name":"How to Build Password Policies for Your Customers"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/it\/#website","url":"https:\/\/www.n-able.com\/it\/","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/it\/#organization","name":"N-able","url":"https:\/\/www.n-able.com\/it\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b","name":"N-able","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","caption":"N-able"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts\/5086","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/comments?post=5086"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts\/5086\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/media?parent=5086"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}