17) Does your organisation use/provision a password manager to ensure passwords are of the required complexity and only used once?
IT Operations Password Manager
Written by Haydn Brooks
Created on March 18, 2019
Modified on July 7, 2020

Answer yes if your organisation provides staff with a password management solution to help facilitate password complexity and uniqueness.

Provisioning a password management solution and including training on how to use the tool within your information security training programme will help mitigate the risk of weak passwords and repeated passwords being used for company accounts.

A password manager can include password managers built into existing tools (such as Chrome) as long as you have trained your users on how and when to use it.

How to implement the control:

There are a number of password manager solutions on the market. Here at Risk Ledger we use OnePassword and we train all of our employees on how to use the solution during their annual information security training.

Some tools that your organisation may already use will have a password management function built in, such as Chrome. Make sure you train and advise your users to use the solution correctly!

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.