4 ways to improve poor password management

New research confirms what IT managers already know: Users practice poor password management. But is there really anything IT can do about it?

Identity protection/fraud detection company CSID surveyed 1,200 Internet users with the help of data collection firm Research Now. The survey uncovered a disconnect between what consumers think and feel about online security and what they actually do when creating accounts online.

For instance, 73% said they think about strength and security when coming up with new passwords and 89% said they feel secure with their current password creation and management habits, yet:

  • 61% said they reuse the same passwords across multiple sites
  • 54% said they have five passwords or fewer, and
  • 44% said they change their passwords once a year or less.

If these results are any indication, it’s time for IT to drive home the point that if users want to be truly safe and secure while using the Internet, they’ve got to do more than create one or two strong passwords for all their accounts. Users must also be made aware of how poor password management puts both them and their company at risk.

Strategies for better password management

As an IT manager, you’re well aware of the various ways to enforce password security on your network, but CSID suggests some points you’ll want to bring up with users on a regular basis:

  • Whenever possible, use strong passwords that contain more than 10 characters and include a mix of upper- and lowercase letters, symbols and numbers.
  • Create a unique password for each of your online accounts and vary the email addresses you tie to these accounts.
  • Do not store usernames and passwords in an unsecured (unencrypted) file on your computer or the network (or online).
  • Do not share your password with anyone, not even friends and family. (Remind them that even if a person is trustworthy, there’s always a chance their computer is infected with malware that steals passwords, such as a keylogger.)
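
The first two points above can be checked mechanically. The following is an added example, not code from the article or from CSID: a Python audit of a list of accounts against the strength rule (more than 10 characters, mixed case, symbols and numbers) and for reused passwords or shared email addresses. The function names, the `(site, email, password)` input shape and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from collections import defaultdict

MIN_LENGTH = 11  # the article asks for "more than 10 characters"

def strength_gaps(password):
    """Return the parts of the article's strength rule this password misses."""
    gaps = []
    if len(password) < MIN_LENGTH:
        gaps.append("length")
    if not any(c.isupper() for c in password):
        gaps.append("uppercase")
    if not any(c.islower() for c in password):
        gaps.append("lowercase")
    if not any(c.isdigit() for c in password):
        gaps.append("number")
    if not any(c in string.punctuation for c in password):
        gaps.append("symbol")
    return gaps

def audit(accounts, key=None):
    """accounts: iterable of (site, email, password) tuples (assumed shape).
    Returns (weak, reused_passwords, shared_emails)."""
    key = key or os.urandom(32)  # per-run key: digests are useless after the run
    weak, by_digest, by_email = {}, defaultdict(list), defaultdict(list)
    for site, email, password in accounts:
        gaps = strength_gaps(password)
        if gaps:
            weak[site] = gaps
        # Group by keyed digest so the report never carries a plaintext password.
        digest = hmac.new(key, password.encode(), hashlib.sha256).hexdigest()
        by_digest[digest].append(site)
        by_email[email.lower()].append(site)
    reused = sorted(sorted(s) for s in by_digest.values() if len(s) > 1)
    shared = {e: sorted(s) for e, s in by_email.items() if len(s) > 1}
    return weak, reused, shared

# Constructed sample data, not real credentials.
SAMPLE = [
    ("bank.example", "pat@example.com", "Tr0ub4dor&3xtra"),
    ("shop.example", "pat@example.com", "Summer2014"),
    ("forum.example", "pat.forum@example.com", "Summer2014"),
    ("mail.example", "pat.mail@example.com", "c0rrect-Horse-9"),
]
```

Calling `audit(SAMPLE)` reports the two sites that share a short, symbol-free password and the one email address tied to two accounts, without echoing any password back.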

Another suggestion: password management software. You could encourage users to find one they like, or you could evaluate some on your own and choose one for everyone in the company to use.