How to secure your company's passwords

7 password habits hackers hope your company hasn’t adopted

There's some terrible password advice out there - like use one strong password everywhere. Don't do that. (Picture: Christiaan Colen, Flickr)

There's some terrible password advice out there - like use one strong password everywhere. Don't do that. (Picture: Christiaan Colen, Flickr)

While many of the recent breaches like LinkedIn and Twitter have focused on the impact on consumers, rather than businesses, it doesn’t mean that companies can’t be the target, whether large or small. The reality: any data is valuable on the black market, and hackers are just itching to get their hands on yours. As a CEO, owner, or IT Manager at a company, you have a lot more at stake than just one consumer – so are you doing everything you can to protect the company from an attack?

When reviewing your company’s current list of vulnerabilities against hacking, one of the first things you should check off are your password habits. Reviewing these, and adding a few tools to your security toolbox, will help to make most hackers’ jobs more difficult – and you may even ward off an attack entirely.

1. Set up password strength requirements

This sounds like a given, but many companies still don’t enforce password strength requirements, which means their employees are using simple, insecure passwords. Or, they stop at telling employees what they should do, but don’t actually have a way to verify they are doing what they should be. As a company, you should require employees to create lengthy passwords including upper and lowercase letters, numbers, and characters. You can also block people from using their first or last name, the company name, or even ‘password’ in their passwords. But go beyond that, and give your employees tips such as using passphrases that don’t really make sense but are easy to remember.

2. Require password changes

Password reuse is one of the biggest reasons that accounts are getting hacked these days. Require your employees to change critical passwords – computer, email, important data access – every few months or so, and especially after there has been any suspicious activity or known security issue.

3. Have a password manager (and actually use it!)

With all of these requirements and unique passwords, it’s very hard to practice good password habits without some help. That’s where a password manager comes in. A password manager helps you store all of your passwords in one secure place. But most importantly, you have to update your passwords so that each one is strong and unique so it can protect your accounts the way you need it to.

4. Establish levels of access

For those accounts with the company’s most sensitive information, such as server credentials and SSH keys – called privileged accounts – you need to take even more care to protect against threats. The first step is to ensure that not everyone has access to them. Only delegate access to those who truly need it, and regularly re-evaluate if those people still need it.

5. Automatically rotate passwords

Once an employee accesses one of these privileged accounts, it’s possible they’ll know the password. To keep the account truly protected, you’ll want to change the password after each time that it’s accessed. With business-focused password managers, this can be done automatically and without hassle to end users or IT admins.

6. Review activity reports

Monitor activity on all company databases, especially to privileged accounts, with reports that include data on which account was accessed, by which user and when. If there is a problem, you’ll know about it and will be able to identify who was accessing the account at that specific time.

7. Educate employees

Your company is only as strong as your least-informed, most insecure employee. Your IT department could be following all of the practices above, but that means nothing if your employees aren’t following good practices as well. Educate employees on what it means to have secure passwords, and on how to use a password manager to help them put those best practices into action. This means not only creating strong passwords, but also not sharing them with co-workers or others, using a password manager to store passwords, changing passwords often, and using unique passwords for every single account.

While it takes time to implement these changes, the security and productivity benefits you’ll experience across the organisation more than compensate for the initial investment.

Daniel Cran, Managing Director APAC, LogMeIn

How to make Windows 10 ask for your password when you wake up your laptop
5 things you should know about password managers

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags businesshackingpassword protectionpassword securitypasswordspasswordpassword managementpassword control

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Daniel Cran

PC World
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?