Tips & Tricks

Password Best Practices Using Remote Desktop Manager

Jenny Knafo

As Devolutions’ Product Marketing Specialist, my role consists of staying up-to-date with the latest updates made to our software to create weekly technical blogs and tutorial videos to keep our clients informed. I am also in charge of the creation and overall successful organization of marketing events and trade shows. I’ve worked in a corporate environment for a long time and it is a joy to be back to my roots and working again in the IT world.

How can Remote Desktop Manager help make your system more secure? How can RDM help you ensure that your whole organization implements its password policy best practices? Even if your user guidelines for password security are clear as water, if you look hard enough, I can guarantee you’ll find at least one person in your organization that’s using “password” as their password, one that has their password on a note under their keyboard, and one that has the same password for all their sites!

Here are some of the password policy best practices, along with suggestions for helping users comply:

1. Keep your password strong by using a minimum of 10 characters that combine numbers, uppercase letters, lowercase letters, and special symbols.

RDM’s Password Generator allows you to generate complex random passwords that are secure and difficult to interpret or predict.

2. Avoid common password weaknesses by staying away from overly simple ‘forbidden passwords’, such as:
  • ‘password’
  • your name, or the name of your spouse or children
  • a string of numbers or letters like 6789 or abcd
  • a pattern of letters found on the keyboard, like qwerty
  • your phone number
  • your license plate number
  • the birth date of someone who is close to you
  • information easily obtained about you (e.g., your address or town)
  • passwords of all the same letter
  • words that can be found in the dictionary
  • any of the above followed or preceded by a single digit

Using RDM, your organization can create a list of forbidden passwords, which will make it harder and less tempting for end users to use easily hackable passwords. A forbidden list will make it impossible for users to use ‘password’ as their password. You can even create templates to quickly generate passwords according to your specific guidelines, ensuring they will use a specified number of letters, numbers and symbols. If you want to make sure that nobody uses ‘password’, you could run a Password Usage report!
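The rules from items 1 and 2 can also be expressed as a small standalone check. The following is an added example, not RDM's own code or part of the original post; the `FORBIDDEN` entries, the function names and the sample passwords are constructed for illustration, and the deny-list stands in for the personal details and dictionary words an organization would supply itself.

```python
import string

MIN_LENGTH = 10  # minimum length from item 1
# Constructed sample deny-list; stands in for the organization's own list
# (names, phone numbers, dictionary words, and so on).
FORBIDDEN = {"password", "letmein", "montreal", "5551234567"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def _is_run(s):
    """True for ascending or descending runs such as 6789, abcd or dcba."""
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return len(s) >= 4 and steps in ({1}, {-1})

def _is_weak(s):
    """Apply the item 2 rules to one lower-cased candidate string."""
    return (
        s in FORBIDDEN
        or len(set(s)) == 1          # all the same character
        or _is_run(s)                # 6789, abcd
        or (len(s) >= 4 and any(s in row for row in KEYBOARD_ROWS))  # qwerty
    )

def _variants(pw):
    """The password itself, plus it with one leading or trailing digit removed."""
    s = pw.lower()
    out = {s}
    if s[:1].isdigit():
        out.add(s[1:])
    if s[-1:].isdigit():
        out.add(s[:-1])
    return out - {""}

def check_password(pw):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    classes = {
        "digit": any(c.isdigit() for c in pw),
        "uppercase": any(c.isupper() for c in pw),
        "lowercase": any(c.islower() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),  # ASCII symbols only
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    if any(_is_weak(v) for v in _variants(pw)):
        problems.append("forbidden or trivially guessable")
    return problems
```

Composition rules alone do not catch everything: a keyboard pattern padded with an uppercase letter and a symbol still satisfies item 1, which is why the forbidden list matters as a separate control.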

3. Protect your password.

Have you ever found a password under a user’s keyboard or a post-it hidden in their drawer? That’s a big no-no! It’s fundamental to remember your password without writing it down. If you have lots of passwords and it becomes a burden to remember them all, it might be time to use a great password management solution like RDM or Devolutions Server.

4. Use https:// instead of http://

We don’t really have a choice but to send our passwords across the Internet at some point. So when you do, make certain that the URL begins with https:// rather than http://, since an https connection has a higher chance of keeping your password secure. If the website you’re on doesn’t support https, my suggestion is: make a run for it!

5. Change your password often.

You might think that you should only change your password if the website you’re using has been hacked (like, let’s say, Yahoo!). Otherwise why bother? It’s probably still really safe! Well, that’s where you’re wrong! You should change your password every 90 days for a strong password and every 180 days for a passphrase, even if it hasn’t been compromised.

6. Don't type your password while anyone is watching.

Devolutions Web Login will not only securely keep and manage all your passwords, but it will also automatically inject your credentials into the website. This means that you’ll never have to type your username/password, thus removing the threat of someone watching you type!

7. Avoid using the same password for multiple websites containing sensitive information.

Once every month you should generate a Password Analyzer report to verify the overall strength of the passwords used in your database and also the number of times each password is being used for different entries. If you see that a password is being used more than once, you know you have some work to do!

So there you go folks! A few little changes that can make the world a better place…ok maybe not the world, but it will certainly make your whole system much more secure and a better place to safely store all your information.

As always, please let us know your thoughts by using the comment feature of the blog. You can also visit our forums to get help and submit feature requests; you can find them here.
