Memo: Train your staff on the use of password management software

Aligned Risk Management recommends password management software for all staff and especially for staff who work with a large number of external web application accounts.

  • A password manager can help encourage the use of long, complex, and unique passwords.
  • A password manager can reduce the need for users to commit their passwords to memory, making it less likely that they could expose their passwords inadvertently to social engineering attackers.
  • Automated password managers will fail to populate password fields on look-alike phishing pages, which can alert users that they are not accessing the system they expected.
  • Best practices recommended by the National Institute of Standards and Technology (NIST) endorse the use of password managers.

“Verifiers SHOULD permit claimants to use ‘paste’ functionality when entering a memorized secret. This facilitates the use of password managers, which are widely used and in many cases increase the likelihood that users will choose stronger memorized secrets.”

National Institute of Standards and Technology, NIST Special Publication 800-63-3: Digital Identity Guidelines.