World Password Day: Top Tips From Our Head Nerds

In honor of World Password Day, we asked our Head Nerds for their top password-related tips and thoughts. One thing they could all pretty much agree on is that passwords shouldn’t be replaced, but that they should be supplemented with MFA. Here’s what else they had to say:

Eric Harless

Secure passwords don’t work unless you have secured your user accounts. So, you need to make sure you do the following:

  • Create named users only, remove shared helpdesk or NOC credentials, so you don’t have to share passwords.
  • Assign “least-privilege access” roles and limit the number of root/admin /superuser/security officer roles.
  • Monitor/enforce multi-factor authentication (MFA)
  • Don’t log in (or enter your credentials) from untrusted/customer devices
  • Implement a password manager
  • Use strong passwords
  • Zero password reuse
  • Remember to log out; don’t just lock your screen

Marc-Andre Tanguay

Too many people use a simple word or name as their password. Using dictionary attacks—which use a preselected library of words and phrases to guess possible passwords—attackers can get through those passwords very rapidly.

Stefanie Hammond

I run Google Password Checkup weekly to see if there are any passwords that have been compromised so I can get those changed immediately Also, it’s important to ensure that every site has its own discreet password—you should never reuse passwords, even if you think it is making your life easier.

Lewis Pope

If you don’t make proper password management easy for end users, they likely won’t follow cyber hygiene best practices. You must give them the tools to help facilitate those good practices like a password manager as well as provide monitoring for compromised accounts.

All these tips become even more important if you’re an MSP. Good password and documentation management is critical when you have to manage multiple systems across multiple customers. Passportal can help you effectively manage this, increasing your technicians’ efficiency by putting privileged passwords and client knowledge at their fingertips. Find out more

© N‑able Solutions ULC and N‑able Technologies Ltd. All rights reserved.

This document is provided for informational purposes only and should not be relied upon as legal advice. N‑able makes no warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information contained herein.

The N-ABLE, N-CENTRAL, and other N‑able trademarks and logos are the exclusive property of N‑able Solutions ULC and N‑able Technologies Ltd. and may be common law marks, are registered, or are pending registration with the U.S. Patent and Trademark Office and with other countries. All other trademarks mentioned herein are used for identification purposes only and are trademarks (and may be registered trademarks) of their respective companies.

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a trial.

If this issue persists, please visit our Contact Sales page for local phone numbers.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site