
How to Create Effective User Password Education


While using the recommendations in the first three blogs in this series (password composition, password practices, password policies) is critical, employers also have to create a “culture” of security in which there are ongoing discussions about maintaining cybersecurity. Employee education is essential. A company’s compliance requirements may also be a factor if they stipulate password complexity and education for the workforce. I’ll also cover password managers at the end.

Businesses should:

1. Mandate user training in password complexity: never use passwords that are easy to remember, change passwords often, never reuse or recycle passwords, never use real personal data in passwords or recovery questions, never use dictionary words or patterns.

2. Train employees how to maintain password and account privacy.

3. Recommend that employees never share passwords, never text or email passwords, use a separate password for each account, and not reuse business account passwords for personal accounts.

4. If it is optional, recommend that employees use multi-factor authentication wherever possible.

5. Recommend that employees not write passwords down or enter them into Excel or Word. Case in point: users who write passwords on sticky notes left on their monitors or desks.

6. Recommend that users not use browser password saving and encryption features. These are notoriously weak.

7. Discuss password provisioning with new employees.

8. Discuss password lifetimes, lockouts and audits with all employees.

9. If allowable under the company’s acceptable use policy, encourage the use of a password manager.

A brief word about password managers

As mentioned at the beginning, I want to say something about password managers. These include software “vaults” like 1Password, LastPass or Bitwarden that can create randomized, complex passwords and store them securely. If SMBs and organizations require one, they will be on the right track, and users will not have to remember their lists of passwords, only their master password. This brings us to the biggest vulnerability of password managers: the loss or compromise of the master password. But if users keep that secure, they will be well on their way to having a secure set of passwords.

Tech Kahunas know the needs of SMBs and organizations and will help you with proper password practices and policies.
We’ll stay on top of the threats.
We’ll watch your data.
We’ll review your risks.
We’ve got years of this.



Peter Bondyark and J.C. Berry