Cybersecurity Awareness Month Authentication

Oct 14, 2024 | cybersecurity, MFA, password, passwords

Passwords

How many of your users:

  • Never change passwords
  • Use the same or similar password across multiple business and personal accounts
  • Share passwords with others
  • Store passwords on sticky notes on monitors, under keyboards, in unlocked drawers
  • Use simple passwords

A common excuse for not using long, complex and unique passwords is that it’s too cumbersome to remember them all. In this day and age, if you can remember all of your passwords, and they’re long, strong, complex AND unique, then you have an amazing memory! Most of us can’t remember all that. There are just too many places for passwords across business and personal accounts. Password reuse gives cybercriminals useful keys that they will use in brute force attacks and password spray attacks.

Let’s brush up on why password basics are necessary and review tips to take some of the pain away.

Passwords are a basic and necessary layer to protect access to data. Facial recognition and fingerprint security measures are innovations that help sidestep the tedium of entering and remembering passwords. These can be a real timesaver, but they aren’t readily available across every site and device. So that leaves us with the question: what are the best practices for maintaining strong passwords and defending multiple sites, programs or devices?

  • Use Complex Passwords: Simple passwords made of nothing but regular vocabulary words (even in other languages) are easily cracked. Complex passwords require mixed case, numbers and symbols. Here are a few things to remember.
  • Use Unique Passwords: Avoid using the same or similar passwords across multiple sites or devices. We say it often, but don’t just take our word for it.
  • Consider building passwords out of strings of random words or quirky phrases. Substitute characters with mixed case, numbers and symbols. Twelve characters or longer is best. Longer passwords are more difficult to crack than six or eight character ones.
  • Use a Password Manager: Don’t save passwords on a device in an unencrypted file. Consider a trusted password manager that you protect with a strong but memorable passphrase. Many password managers work across multiple devices, which can be convenient; just make sure your keys to that kingdom are very well protected.
  • Keep Passwords Private: Don’t share your passwords with co-workers, no matter how convenient or timesaving it may be.
  • Communicate Securely: If credentials must be communicated, don’t send them (or any critical personal data, for that matter) via text or email, especially along with user names or any other necessary login info.
  • Change Them Periodically: If notified of a breach, change them immediately. Changing them preemptively prevents account compromise if a breach occurs before you are notified.
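
As an added illustration (not part of the original post), the checks in the list above can be written as a small Python function. The word list, the 0.75 similarity threshold and the sample passwords are assumptions constructed for the example; the comparison against other passwords is meant to run locally, for instance over entries in your own password manager.

```python
import difflib
import string

# Constructed sample of vocabulary words; a real check would use a full dictionary.
COMMON_WORDS = {"password", "welcome", "sunshine", "dragon", "monkey", "bonjour"}
MIN_LENGTH = 12          # "Twelve characters or longer is best"
SIMILARITY_LIMIT = 0.75  # assumed cut-off for calling two passwords "similar"


def check_password(candidate, other_passwords=()):
    """Return a list of problems found; an empty list means every check passed."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    has_lower = any(c.islower() for c in candidate)
    has_upper = any(c.isupper() for c in candidate)
    if not (has_lower and has_upper):
        problems.append("needs mixed case")
    if not any(c.isdigit() for c in candidate):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in candidate):
        problems.append("needs a symbol")
    # One vocabulary word with digits or symbols tacked on is still easy to crack.
    letters_only = "".join(c for c in candidate if c.isalpha()).lower()
    if letters_only in COMMON_WORDS:
        problems.append("built on a single vocabulary word")
    # Flag reuse and near-reuse (for example, one changed digit) across accounts.
    for other in other_passwords:
        matcher = difflib.SequenceMatcher(None, candidate.lower(), other.lower())
        if matcher.ratio() >= SIMILARITY_LIMIT:
            problems.append("same as or similar to another account's password")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    existing = ["Quirky-Otter8-Paints-Fog"]
    for pw in ["dragon", "Sunshine2024!", "Quirky-Otter7-Paints-Fog"]:
        print(pw, "->", check_password(pw, existing) or "OK")
```
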

Multi-factor authentication

Related to the password method of authentication, multi-factor authentication (MFA) is becoming increasingly popular and is often required by some organizations. Basically, this takes the password idea and adds another layer to ensure that the correct user is entering the password. To complete login to a resource, MFA uses codes that are texted, emailed or phoned to a pre-established entity, or that come from a previously configured authenticator app. Think of getting into a safe deposit box: the renter needs their key, and someone from the bank has to use theirs as well to open the box. MFA may seem cumbersome to you and your users, but the idea here is that even if a password is compromised, a second form of identification is required to ensure the correct person is gaining access.

Come back for our next post for more tips to secure your business.
