Recently, we published an article detailing the key elements of a successful password policy. With the increasing frequency (and severity) of cyberattacks, this is a hot-button issue.
No matter how strong your passwords may be, however, you won’t be protected from much of anything if they find their way into the wrong hands. Just think: how easy would it be for someone to find out who your technology provider is, call you, claim to be from that IT firm, ask for your password, and thereby gain access to your network?
This danger is precisely what has led a few of our more security-conscious clients to ask us the best way to be 110% sure that they’re only providing their passwords to people they can trust. We are, of course, more than happy to explore the most practical options for doing so.
Below we’ll work through the three ways we’ve recommended that our clients safely share their passwords with any outside resource.
The best ways to safely share your passwords
There are three main methods that you can employ when it comes to sharing passwords:
1. Verify the employee. If someone asks for your password, get their full name and tell them you’ll call back. Then dial your main tech support line and ask for that employee. If you’re transferred, you’re in safe hands. If you find the person on the phone doesn’t recognize the “employee’s” name, you’ve avoided a scam (and are conveniently now in touch with your real support team).
2. Create a temporary password. This option is a little more labor-intensive. If you’re working with a support engineer and need to provide your password, you can temporarily change your password and provide that new password to them. Once they’ve worked with you to fix your issue, you can change your password back to what you had originally. You can use this tactic in conjunction with option #1.
3. Change your password afterward. Rather than creating a temporary password, you can provide your support engineer with your current password, and change to a new password after they’ve helped you resolve your issue. Keep in mind that you may have to change this password in other places, too; if it’s your email password and your account is linked to a mobile device, you’ll need to change your password on that device as well. Again, this approach can be used along with option #1.
Do keep in mind that not all support interactions require that a password change hands. If, for example, you are at your computer while the engineer is working, you can enter the password yourself. In the event that an exchange is necessary, however, these practices will help protect you.
There is obviously a give and take when it comes to all three of these methods; you’re going to have to take at least one extra step (and therefore more time out of your day) in order to achieve this extra level of protection and assurance. But for organizations with particularly sensitive data, this small investment of time is well worth the resultant security.
Not only that, but having your staff repeatedly work through procedures like this does even more than keep your passwords safe: it helps keep network security top-of-mind across your organization.
And when you successfully build a culture of security, you are well on your way to building a robust and safe home for your organization’s data.