As businesses across the world spent the early part of 2014 worrying about the Target data breach, many didn’t realize that the biggest threat resides inside their own organizations. Passwords are the top cause of data breaches, according to experts, with users regularly using weak passwords that can easily be cracked.
This doesn’t absolve IT Support of responsibility, however. Through educating users on the importance of creating complex passwords, IT staff can increase security at the workstation level. This makes it harder for hackers to find a way into cloud-hosted servers. But education only goes so far with users, since many will still continue to use grandchildren’s names and short, letter-based passwords.
For that reason, many IT professionals now implement password requirements at the server level. When a user enters a password that doesn’t meet these requirements, the system shoots back an error. The user then must create a more complex password to proceed.
Cloud Provider Responsibility
Many cloud services allow IT staff to set these password requirements through their own consoles. Amazon Web Services’ Identity and Access Management (IAM), for instance, gives administrators the ability to set an initial password through the console, then turn changing that password over to the user.
Through the IAM console, an administrator can set policy requirements for all users. Administrators can require at least one uppercase letter, at least one lowercase letter, at least one number, at least one special character, and set a minimum password length. The longer the password requirement, the more secure a user’s files and applications will be.
Cloud-hosted data can be protected with the best security in the industry. But if an organization’s users aren’t practicing safe password behaviors, that data is being put at risk on a daily basis. By using the tools available today, cloud-hosted companies can force users to be responsible when creating passwords, increasing their own security exponentially.