Introduction:

Lack of password protection remains a pervasive problem among enterprises. Although the risks may seem obvious, users continue to choose easy-to-guess passwords, reuse passwords, and even email them to friends or colleagues.

Unfortunately, many enterprises continue to use outdated password authentication simply because it may be easier and less expensive to use than more up-to-date secure systems. Combined with a user base that may be unaware of password-related risks, this is a recipe for disaster.

This is why it's important for your enterprise to regularly review and update your password management policy, to protect your sensitive information and maintain a secure environment for your employees and users.

This enterprise password management checklist template makes it easy for you. It provides a simple process that you can run to stay on top of password management and repeat however often you might want to for the best protection.

Running this checklist regularly allows you to protect your sensitive data from potential threats and be prepared with a backup if the worst were to happen. Although it's not possible to avoid every issue that may come up, there are many ways you could protect your enterprise from some of the most widespread threats out there.

Choosing passwords:

Keep passwords private

Your first step is to make sure to keep all of your passwords private.

Don't share them with anyone, don't send them to friends or colleagues electronically (unless they're encrypted), and don't write them down.

Avoid using personal information

When choosing a password, avoid using any personal information that may be easy for someone to find. 

For example, first or last names, birthdays or birth years, anniversaries, nicknames, addresses or anything else that may be personal.

Create difficult to guess passwords

Avoid creating a password that could be easy to guess.

Don't use common words, abbreviations, or even things like words spelled backwards.

Use mixed characters

Make sure to incorporate both lower and uppercase letters, numbers, and symbols such as @, %, !, &, and ^ into your passwords to make them as strong as possible.

Create lengthy passwords

Don't use a short password; these are easier to breach. Instead make your password 8-20 characters long.

Change passwords often

Remember to change your passwords regularly.

For normal user accounts, it's recommended to change their passwords about every 90 days, but administrative accounts should change their passwords even more often than that.

Use a different password every time

When you are in the habit of changing your passwords regularly, make sure each password is very different from your previous passwords and not just a slight variation; otherwise it won't be as effective.

Password management:

Prevent users from creating weak passwords

One way of enforcing stronger password protection for your users could be to prevent them from creating weak passwords to begin with through security policies.

Set passwords to expire at preset intervals

Another way to practice better password management could be to set your users' passwords to expire at preset intervals, so that they're forced to regularly change their passwords.

Retain password history to avoid repeats

Next, you could retain your users' password histories to prevent them from reusing passwords when they're changing them at your preset intervals.
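A sketch of how the two controls above (rejecting weak passwords and retaining history) can be enforced together at password-change time, applying the selection rules from the "Choosing passwords" section. This is an added example, not part of the original checklist. The function names, history depth, similarity threshold, and the use of salted PBKDF2 hashes for the stored history are assumptions of this example.

```python
import hashlib
import hmac
import os
import re
from difflib import SequenceMatcher

MIN_LEN = 8              # lower bound of the 8-20 range given above
HISTORY_DEPTH = 5        # assumed number of remembered passwords
SIMILARITY_LIMIT = 0.7   # assumed cut-off for "slight variation"
PBKDF2_ROUNDS = 100_000  # assumed work factor

def hash_password(password, salt=None):
    """Return (salt, digest) so the history never holds plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def in_history(password, history):
    """Exact-reuse check against stored (salt, digest) pairs."""
    return any(hmac.compare_digest(hash_password(password, salt)[1], digest)
               for salt, digest in history)

def check_new_password(new, current, personal, history):
    """Return the list of policy violations; an empty list means accept."""
    problems = []
    if len(new) < MIN_LEN:
        problems.append("too short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, new) for c in classes):
        problems.append("needs lower, upper, digit and symbol")
    lowered = new.lower()
    for item in personal:
        token = item.lower()
        # Also catch the token spelled backwards, as the checklist warns.
        if len(token) >= 3 and (token in lowered or token[::-1] in lowered):
            problems.append("contains personal information")
            break
    if in_history(new, history[-HISTORY_DEPTH:]):
        problems.append("reuses a previous password")
    # The user supplies the current password when changing it, so a
    # near-duplicate can be caught without storing any plaintext.
    ratio = SequenceMatcher(None, lowered, current.lower()).ratio()
    if ratio >= SIMILARITY_LIMIT:
        problems.append("too similar to current password")
    return problems
```
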

Set limit for number of times an incorrect password can be inputted before account is locked

Set your controls to limit the number of times an incorrect password can be entered before an account is locked out, to stop fraudulent log-in attempts in their tracks.

Audit passwords regularly

Audit your passwords regularly to confirm they're all up to standard.

During the auditing process, ensure that all passwords remain confidential.

Encrypt stored passwords

If you haven't already, make sure all of your stored passwords are kept encrypted and protected on a secured system.

Approval: Final approval (Manager)

Will be submitted for approval:
  • Keep passwords private
  • Avoid using personal information
  • Create difficult to guess passwords
  • Use mixed characters
  • Create lengthy passwords
  • Change passwords often
  • Use a different password every time
  • Educate users on password related risks
  • Prevent users from creating weak passwords
  • Set passwords to expire at preset intervals
  • Retain password history to avoid repeats
  • Set limit for number of times an incorrect password can be inputted before account is locked
  • Audit passwords regularly
  • Encrypt stored passwords
