Start February strong: Change passwords + enable 2FA

This blog explains how Change Your Password Day and 2FA Day offer a simple opportunity to improve security by focusing on high-impact accounts, stronger passwords, MFA, and safer credential practices.

Steven Lafortune

The gift-giving season may have just passed, but February offers organizations a pair of valuable presents by way of two global events: Change Your Password Day on February 1, and 2FA Day on February 2. Both offer an ideal opportunity for organizations and individuals to achieve low-effort, high-impact security wins.

A quick note about password changes

Before we look at some tips, we should point out that good password hygiene today is not about forcing everyone to reset every password every 60 or 90 days. Guidance from NIST calls for avoiding routine, scheduled password changes unless there is evidence of a compromise. Instead, the focus should be on creating strong, unique passwords (that is, if passkeys are not an option), and adding a second factor where it matters most.

Recommendations

Below are some targeted actions and improvements that can prevent a complicated and costly breach. Organizations that have already taken care of one, some, or, even better, all of these can take a bow and pat themselves on the back for being proactive. Otherwise, use the following as a checklist to reduce the risk now, not later when it might be too late.

1. Identify high impact accounts

Start with the accounts that act like master keys. This could include:

  • Microsoft 365 or Google Workspace admins
  • Password vault admins
  • Banking, payroll, and payment processor logins
  • Domain registrar and DNS hosting
  • Remote access and IT management consoles

If one of these accounts gets compromised, attackers can often reset other passwords, create forwarding rules, impersonate staff, and lock users out.

2. Change passwords that are weak, reused, or shared

If a password exists in more than one place, replace it with something strong and unique. This should be a brand-new password, generated by a password manager, that meets length and complexity requirements, rather than a slightly edited version of an old one.
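One way to find the passwords this step targets, as an added example (not Devolutions code): it flags accounts that share an identical password and accounts whose passwords differ only in trailing digits or symbols. The entries, function names, and the trailing-character heuristic are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

# Constructed sample standing in for a vault export: (account, password).
SAMPLE_EXPORT = [
    ("m365-admin", "Winter2025!"),
    ("payroll", "Winter2025!"),          # exact reuse of the admin password
    ("dns-registrar", "winter2026#"),    # "slightly edited" variant
    ("vault-admin", "q7#Lr9vT2xPz!mK4"),
    ("rmm-console", "q7#Lr9vT2xPz!mK4"),  # strong, but still reused
    ("bank", "c0rrect-Horse-battery-7"),
]

def keyed_digest(key, text):
    """Keyed digest so plaintext never becomes a dict key or report field."""
    return hmac.new(key, text.encode("utf-8"), hashlib.sha256).hexdigest()

def password_stem(password):
    """Lowercase and drop the trailing digits/symbols people tend to rotate."""
    return re.sub(r"[\W\d_]+$", "", password.lower())

def audit(entries, min_stem_len=4):
    """Return account groups with identical or near-identical passwords."""
    key = os.urandom(32)  # per-run key: digests are useless outside this run
    exact = defaultdict(set)     # password digest -> accounts
    by_stem = defaultdict(dict)  # stem digest -> {password digest: accounts}
    for account, password in entries:
        pw_fp = keyed_digest(key, "pw:" + password)
        exact[pw_fp].add(account)
        stem = password_stem(password)
        if len(stem) >= min_stem_len:  # ignore stems too short to mean much
            stem_fp = keyed_digest(key, "stem:" + stem)
            by_stem[stem_fp].setdefault(pw_fp, set()).add(account)
    reused = sorted(sorted(a) for a in exact.values() if len(a) > 1)
    variants = sorted(sorted(set().union(*g.values()))
                      for g in by_stem.values() if len(g) > 1)
    return {"reused": reused, "variants": variants}

if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT)
    for kind, groups in report.items():
        for accounts in groups:
            print(f"{kind}: {', '.join(accounts)}")
```

The report names accounts only, so it can be shared with account owners without exposing any password.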

3. Turn on 2FA/MFA

2FA/MFA makes stolen passwords far less useful. If your environment supports it, opt for stronger methods such as authenticator apps, security keys, or passkeys rather than SMS.

4. Reduce shared credential sprawl

Shared credentials are common because they are convenient, but they are hard to audit and easy to mishandle. If your team still needs shared access, then consider the following standards and rules:

  • Put the credential in a secure vault, not in a spreadsheet, document, or chat
  • Limit access to only the people who truly need it
  • Review access quarterly (or when roles change)

5. Make 2FA/MFA approvals harder to approve by mistake

Push approvals are user-friendly; that is, until someone taps “approve” on autopilot. Features like number matching reduce accidental approvals and make phishing-based fatigue attacks harder to pull off.

6. Check recovery options before you need them

Nothing ruins a day (and could trigger a long, stressful night) like a locked admin account. Confirm that you have:

  • Recovery codes that are stored securely
  • Backup methods for admin sign-ins
  • A documented “who does what” plan if an admin is locked out

How Devolutions helps

Here are a few ways that some Devolutions products and solutions make strong password hygiene a reality, without adding complexity or high costs:

  • Enforce MFA and strengthen prompts in Devolutions Hub Business: Devolutions Hub Business includes security settings to enforce MFA. It can also be configured to enable number matching push notifications via Devolutions Workspace apps.
  • Configure MFA in Devolutions Server: Devolutions Server supports multiple MFA options and can be configured broadly or user by user, helping organizations apply stronger controls where risk is highest.
  • Protect the Devolutions Account: Devolutions Account security includes MFA configuration and recovery codes so teams can harden access.
  • Implement 2FA with Devolutions Workspace: Devolutions documentation provides steps for configuring Devolutions Workspace MFA, which provides an additional security layer when launching Remote Desktop Manager.

The final word

Meaningful security improvements do not have to be time consuming or complex. Keep the focus on high impact accounts, store and share credentials in a secure vault instead of documents or chat, and make 2FA/MFA the default. In addition, with Devolutions Hub Business, Devolutions Server, and Devolutions Workspace, teams can standardize controls without adding friction, and establish reliable, ongoing protection and resilience.
