In the fast paced nature of our world things get lost or forgotten. If you mange many applications or accounts that require passwords it’s easy to confuse, forget or lose login information. Many computer experts and online security professionals recommend changing your internet passwords at least once every three months. Changing your passwords can be a frustrating and time-consuming task and the changes can lead you to forget which password you’re currently using.
While forgetting passwords in your private life is exasperating, forgetting workplace login information is even worse. There are a number of things you can do to ensure lost passwords don’t lead to lost time and revenue.
- Create the right policy - If you need to share passwords, or have a (limited) number of people who know them, creating a good policy is key. This policy should clearly define: what position has access to what information; what happens when someone leaves (voluntarily or otherwise); how to recover passwords; how many backups will be kept; and how and when the password is to be shared. Employee confidentiality agreements need to explicitly state what can and can't be shared and the consequences of breaching the policy.
- Assign a person to be in charge of passwords - A single person of authority within your organization should be the main contact person. They should have copies of all passwords given to outside companies and access to accounts and applications.
- Pick who to trust - Important passwords shouldn't be shared with everyone. Organizations should take steps to vet the trustworthiness of the person or company before passwords are shared. If you have an established sharing process, and a vendor you're considering working with is pushing a policy that is different from yours, it may good to look for a company whose policies are similar to yours, or who is willing to work around/within your policies.
- Set passwords to the position, not the employee - Many companies will give passwords to one person who is in charge of storing and updating the information. When they advance, or switch roles, they may take the password(s) with them. Instead, look at organizing this a different way: assign passwords to the position rather than an individual. When they leave the person filling their role is given the password instead.
- Change passwords regularly - To avoid security issues inside and outside your organization it's a good idea to change your passwords on a regular basis. If an employee leaves a position and is in charge of an important password, you should take steps to change the password, even if they are trusted and/or left on positive terms.
- Keep a password list – Keeping a physical list of the more important passwords may be a good idea for your organization. However, this is a sensitive document, so it's important not to leave it lying around. If you have a safety deposit box or safe in the office you considering storing the list there.
If you are in the unfortunate position of not having required passwords, it's a good idea to get in touch with IT professionals. They are often able to recover systems and passwords, or at the very least, reset them. After you recover your systems, it's a good idea to test for vulnerabilities.
This information originally appeared on Nashville Computer company blog.