Customer Passwords: Policies and Requirements for Creating Passwords
Computer Passwords
We are all (office and tech) responsible for ensuring the end user chooses a good password for local or domain profiles as well as email. Do not let the customer choose something like 1CompanyName (1NYGeekgirls) or FirstNameStreetAddress (Roberta666) as the password.
Always add at least three additional characters to a password supplied by the customer, in case the customer is re-using a password.
Sending and Receiving Passwords
Do not accept a password the customer has emailed to you. Passwords must be sent and received via SecureApps.
We strongly discourage providing passwords over the phone. It's not practical, as there's a good chance the user will mis-hear you. If for some reason the user can't receive the password via email, try using our SMS system to text it to them. (Please instruct them to delete the text ASAP, and we should do the same on our end.)
Make sure the information you send is very clearly labelled - URL, user name, password.
User passwords must be at least ten characters long. It's recommended that you generate them in IT Glue. In most cases they should be stored there as well. See IT Glue Password Asset: Best Practices.
Confusing Characters

To avoid confusion: Look at the password and if you have any doubts about the identity of any characters, replace them.
Do not use a period in the password. This is confusing to communicate to the user.
Do not use spaces in the password. This is confusing to communicate to the user.
Do not use the lower case letter L. (It looks like a 1.)
Do not use the upper case letter O. (It looks like a zero.)
Do not use the upper case letter I. (It looks like a 1.)
For security, do not use the user name in the password.
For security, do not use sequential numbers (e.g., 1234) in the password.
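
A generator and checker for the character rules listed above, as an added example (not taken from IT Glue or any other tool named on this page). The symbol set, the 16-character default and treating a run of three consecutive digits as "sequential" are assumptions.

```python
import secrets
import string

# Characters the rules above exclude: period, space, lower case l,
# upper case O and upper case I.
BANNED = set(". lOI")
MIN_LENGTH = 10  # minimum length for user passwords on this page
# Assumption: the page does not say which symbols are acceptable.
SYMBOLS = "!#$%&*+-=?@"
ALPHABET = [c for c in string.ascii_letters + string.digits + SYMBOLS
            if c not in BANNED]


def has_sequential_digits(pw, run=3):
    """True if pw has `run` digits in a row counting up or down (assumed threshold)."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if all(c in string.digits for c in chunk):
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False


def policy_violations(pw, username=""):
    """Return the list of rules that pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than ten characters")
    bad = sorted(set(pw) & BANNED)
    if bad:
        problems.append("confusing characters: " + repr("".join(bad)))
    if username and username.lower() in pw.lower():
        problems.append("contains the user name")
    if has_sequential_digits(pw):
        problems.append("contains sequential numbers")
    return problems


def generate_password(length=16, username=""):
    """Draw random passwords from ALPHABET until one passes every check."""
    if length < MIN_LENGTH:
        raise ValueError("minimum length is ten characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(pw, username):
            return pw
```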
Our Policy on the "Three Word" Password (TLDR: Don't do it)
Management believes the "three word" password is not secure enough for today's password-hacking bots. It also sets a bad example for the end user. Even if we include numbers and symbols along with the three words (which is marginally safer but still not as safe as random passwords), in the future the user may get the idea to use the "three word" method to create passwords that only include letters, making their passwords even easier to hack.

If a user pushes back on password complexity, explain that these days, given how many
passwords we all have to contend with, we strongly recommend using a password
manager rather than trying to memorize passwords. (You can mention that we do
offer Keeper as an inexpensive option to our customers.)