Posted by nbsweb. Last updated 23rd January 2020.
Have you ever seen a password for an important service written on a sticky note attached to the monitor? Or written in a notebook next to the computer? If you have ever seen something like this, you can be sure that you’re in an office that doesn’t take security very seriously.
It’s easy to think that this isn’t much of a problem. Your trusted employees wouldn’t do anything to harm your business, and nobody’s breaking into your office to be able to read those passwords anyhow. Right?
Well, unfortunately, that’s just not good enough. You never know what can happen. With poor identity practices, your business can be one break-in, or one missing notebook, or one negative interaction with a disgruntled employee away from disaster. Worse yet, you might never be able to prove a thing, or even suspect what happened.
That’s why industry ‘best practices’ are the best, and not just ‘good’ or ‘okay’. There are a number of reasons to secure your network and services, and ensuring that you and your employees use good identity management practices is key to keeping your company moving along smoothly. Let’s have a look at a few of them.
Why You Shouldn’t Share Passwords... For Anything
Imagine building a tree fort with three of your friends as a kid. You’ve already decided that nobody should come in except for the four of you (especially not your sister). You share a secret password between you and declare that nobody can get into the tree fort unless they have the password. At last, your secret candy stash is secure!
At face value, this sounds similar to how passwords in computers work. But there are actually some differences that are important to know.
It’s important to remember why passwords are used. Passwords are about more than just checking to see if someone knows a secret word. The whole point of using passwords is to restrict access to a service (or a tree fort!) except to authorized users. In the case of your tree fort, it’s quite easy to look down and check to see who that person is—effectively a second form of verification. After all, if your sister wanted to get in and she happened to know the password somehow, you still wouldn’t want her in there.
However, when it comes to computer networks and online accounts and services, the stakes are a little higher than your candy stash getting raided.
Tracking Your Actions
Let’s imagine first that you have 10 computers in your office, and none of them have any kind of password on them at all. That’s the least secure option—that means anyone walking into your office can access everything.
That’s not safe. So you decide to implement a password for these computers. However, to keep things simple, you decide that every computer should have the same password, and you share it with your employees. Now, your network is secure, right?
Well, not really. The second option is certainly more secure than the first—after all, now your network is restricted to only your employees. But, authentication is also about matching individual actions to the users performing them. If everyone in your company were using the same login details, you might not know who accidentally (or intentionally!) deleted an important file, or who made the last changes to an important spreadsheet.
In fact, Windows networks have powerful auditing tools built in to record a great deal of information on activities conducted on the network. Ensuring that everyone has a unique login and password will help you know who’s doing what on your network—and more importantly, could prevent them from doing something they shouldn’t.
This concept extends to more than just your Windows network, however. If your company uses online web services or portals for business-critical functions, and a user can make any kind of change in that service simply by logging in, such as deleting a file or editing a document, you’ll want to inquire about having separate logins for each of your users.
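To make the attribution point concrete, here is an added example (not part of the original post): a short Python script over constructed logon sessions, showing that an action logged under a shared account cannot be tied to one workstation, while the same action under a unique account can. The account names, workstation names and times are made up for illustration.

```python
from datetime import datetime

# Constructed sample data, modelled loosely on logon sessions from an audit log:
# (account, workstation, logon time, logoff time). Not from a real network.
SESSIONS = [
    ("office", "PC-01", "2020-01-23 08:55", "2020-01-23 17:05"),
    ("office", "PC-02", "2020-01-23 09:02", "2020-01-23 12:30"),
    ("office", "PC-07", "2020-01-23 09:10", "2020-01-23 16:45"),
    ("asmith", "PC-03", "2020-01-23 08:50", "2020-01-23 17:00"),
    ("bjones", "PC-04", "2020-01-23 09:15", "2020-01-23 13:00"),
    ("bjones", "PC-04", "2020-01-23 14:00", "2020-01-23 17:10"),
]
FMT = "%Y-%m-%d %H:%M"

def _t(s):
    return datetime.strptime(s, FMT)

def workstations_active(account, when, sessions=SESSIONS):
    """Workstations where `account` had an open session at time `when`."""
    at = _t(when)
    return sorted({ws for acct, ws, start, end in sessions
                   if acct == account and _t(start) <= at <= _t(end)})

def shared_accounts(sessions=SESSIONS):
    """Accounts with overlapping sessions on two or more different workstations."""
    flagged = set()
    for i, (a1, w1, s1, e1) in enumerate(sessions):
        for a2, w2, s2, e2 in sessions[i + 1:]:
            overlap = _t(s1) <= _t(e2) and _t(s2) <= _t(e1)
            if a1 == a2 and w1 != w2 and overlap:
                flagged.add(a1)
    return sorted(flagged)

def attribute(account, when, sessions=SESSIONS):
    """Return (verdict, workstations) for an audited action by `account`."""
    active = workstations_active(account, when, sessions)
    if len(active) == 1:
        return ("attributable", active)
    return ("ambiguous" if active else "no session", active)

if __name__ == "__main__":
    print("Shared accounts:", shared_accounts())
    # A file deletion recorded at 11:40 under each account name:
    for acct in ("office", "asmith"):
        print(acct, attribute(acct, "2020-01-23 11:40"))
```

The same overlap check can serve as a routine review: any account that is active on several machines at once is a candidate for being split into individual logins.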
Reusing Passwords—Is There An Alternative?
Everyone’s got lots of passwords these days. So much so that it can be difficult to distinguish your Netflix password from your bank account password, from your work password. It’s tempting to use the same password for everything—after all, it’s still private and only you know it, right?
Well, it’s not as secure, that’s for sure. And you’ll want to have your business follow best practices. But if you dread the thought of having to remember a dozen unique passwords just to show up at the office in the morning, you can breathe a sigh of relief—there’s an app to fix that.
You can set up a password manager app to help you with the task of remembering lots of passwords, simply by not having to remember them at all. A password manager will digitally store and encrypt your passwords in a way that only it can read, so that you never have to remember a long, new password again. One example is https://passwords.google.com/, a password manager that ties into your Google account. If your organization has many different resources to access, it might be wise to see if this solution is right for your team. After all, it’s definitely a lot more secure than a sticky note on your monitor!