Security, Passwords, and Opportunity
Can we be honest?
Passwords can be a pain. When you have a great password, it’s annoying to have to come up with another one for every site you use, right!?
I know you are awesome about your personal password policy, but let’s just say. . . we all know. . . someone else. . . who has either:
- Written passwords on a Post-it note, piece of paper, or a text file on your computer or somewhere online
- Reused an old password
- Used the same password on multiple sites
- Used a basic password
- Used a relative’s name, social security number (or part of one), birthday, etc. in the password
- Not rotated password(s) on a regular basis
I’ll admit it — I’m guilty of at least one (or more) of the above maneuvers.
That said, I’m taking advantage of this day to declare Password Amnesty— it’s time to start fresh, and do it right .
What does that entail?
- Have a unique and super strong password for every site/login you manage
- Never share logins with other people/users
- Never reuse passwords on multiple sites or use a password from your past
- Change all of your online passwords--now that a few days have passed, most sites have renewed their SSL certificates and are no longer vulnerable, so now is the time
How can I force all of my users to change passwords?
- The ideal option is to use Single Sign-On, where the users are stored in a remote database. If you do so, it’s a trivial matter to force a password change on the next Login there for all of your users.
- If you are using Native Zendesk Authentication , an upgrade or increase in password strength of the password requirements will force a change within 5 days . This article contains steps for how to set the security level of your Zendesk.
- If you’d like to force a password change for all of your users , we would be happy to help you out. Simply send us a request authorizing us to reset all of your passwords and active user sessions. We’d be delighted to help.
Bonus Round: Better Passwords
With security, the greater the level of complexity, the greater your security:
If you’d like to have some great passwords generated for you, simply visit this page . In addition to having great passwords generated for you, it has a wealth of information on Password strength and security.
That’s nice, but I can’t remember THAT !
Password management (particularly if you're using really great passwords) can be a sticky situation—If you’re not using a great Single Sign On provider with two-factor authentication like Google , OneLogin , or many others, you might want to look into using a great password manager like:
They will allow you to:
- Generate super strong passwords
- Manage passwords in a secure central repository
- Access passwords on your desktop and mobile device
- Enable you to remember just one password , but have super strong passwords generated for all of your other sites