Passwords are critical to almost everything done online. Choosing and managing hard-to-hack passwords may seem inconvenient, but there are some simple ways to make them as secure as possible. Doing so can help keep hackers from taking over accounts and prevent theft of company information or funds. Here are three best practices regarding passwords:
1. Develop clear and specific password policies for employees
According to the 2022 Verizon Data Breach Investigation Report, 80% of all successful data breaches were caused by weak or stolen credentials. Password management plays a critical role in the data security of every business. Every password serves as a door that allows or prevents someone from entering the building. The security of this door has a direct impact on whether the right people or the wrong people get in.
Good password management policies include:
- Require unique passwords for every application. Employees may complain that using the same password for all company systems saves them time, but it also makes it easier for cybercriminals to pivot from system to system once one password is compromised. Having a unique password for each system limits how far a single stolen credential can reach.
- Create time limits. Managers should encourage employees to lock their device whenever they step away from their workstation or phone. To help enforce this policy, desktops and mobile devices can be configured to lock automatically after a short period of inactivity.
- Require unique, long and complex passwords. A strong password consists of at least 20 characters chosen at random from uppercase and lowercase letters, numbers and special characters. For any passwords that can’t be stored in a password manager, we recommend using a passphrase: a string of random words that is impractical to guess but easy to remember.
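To make the policy above concrete, here is an added example (not code from the original article or from WIN Technology) that checks a password against the stated rules, generates compliant passwords and passphrases with the operating system's CSPRNG, and computes the entropy each approach yields. The 32-word list is constructed for the demo; the 7,776-word figure used in the entropy comparison is the size of the EFF long word list, which a real generator would load instead.

```python
import math
import secrets
import string

# Constructed demo word list (32 entries). A production generator would load a
# large published list such as the EFF long list (7,776 words); each word adds
# log2(list size) bits of entropy, so list size matters.
WORDLIST = [
    "anchor", "basket", "candle", "dolphin", "ember", "falcon", "garden", "harbor",
    "island", "jigsaw", "kettle", "lantern", "meadow", "nickel", "orbit", "pepper",
    "quartz", "ribbon", "saddle", "timber", "umbrella", "velvet", "walnut", "xenon",
    "yonder", "zephyr", "alpine", "bramble", "cobalt", "drizzle", "emerald", "fossil",
]

MIN_LENGTH = 20                                                       # policy minimum
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def check_password_policy(pw: str, min_length: int = MIN_LENGTH) -> list:
    """Return the policy rules the password violates (empty list = compliant)."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    return problems


def generate_password(length: int = MIN_LENGTH) -> str:
    """Uniformly random password over the 94-symbol alphabet (OS CSPRNG).

    Rejection-sample until every character class is present, so the result
    always passes check_password_policy.
    """
    if length < 4:
        raise ValueError("need at least 4 characters to cover all classes")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password_policy(pw, length):
            return pw


def generate_passphrase(words: int = 6, wordlist=WORDLIST, sep: str = "-") -> str:
    """Passphrase of randomly chosen words; secrets.choice is uniform and unpredictable."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits_random(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def entropy_bits_passphrase(words: int, wordlist_size: int) -> float:
    """Entropy of a uniformly random passphrase: words * log2(wordlist size)."""
    return words * math.log2(wordlist_size)


if __name__ == "__main__":
    print("violations for 'password':", check_password_policy("password"))
    print("generated password:  ", generate_password())
    print("generated passphrase:", generate_passphrase())
    print(f"20 random chars from 94 symbols: {entropy_bits_random(20, len(ALPHABET)):.1f} bits")
    print(f"6 words from a 7,776-word list:  {entropy_bits_passphrase(6, 7776):.1f} bits")
    print(f"6 words from this 32-word list:  {entropy_bits_passphrase(6, len(WORDLIST)):.1f} bits")
```

The entropy numbers are the point of the comparison: 20 random characters give about 131 bits, six words from a 7,776-word list about 78 bits, and six words from a tiny 32-word list only 30 bits. A passphrase is only as strong as the size of the list it is drawn from and the randomness of the draw, which is why the words must be picked by a CSPRNG rather than by the user.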
2. Implement Multi-Factor Authentication (MFA)
Even the best passwords have limits. Multi-Factor Authentication (MFA) adds another layer of protection in addition to your username and password. Some examples of platforms that may allow MFA are email, VPNs, computer logins, applications and financial services accounts. Usually, the additional factor is a token or a mobile phone app that you would use to confirm that you really are trying to log in. Adding a second layer of security to your login process can make it much harder for criminals to gain access to sensitive computer and network systems. Using the right software and hardware can enable a user-friendly experience while keeping the hackers out of your systems. Learn more about MFA.
3. Use a password manager
With around 100 passwords for the average user to keep track of, a password manager is a safe and secure way to store unique and complex passwords for all your online accounts. A password manager is an online application that allows users to store, generate, and manage their passwords for local applications and online services in an encrypted database. Using one saves time by simplifying employee password management while also granting admins actionable oversight, from advanced reporting to customizable security policies.
Other benefits include:
- Eliminates password reuse
- Allows all passwords to be managed from one place
- Gives every user their own personalized vault, while maintaining oversight with a robust admin dashboard
- Alerts users of passwords that need to be changed due to known data breaches
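The last benefit, alerting on passwords seen in known breaches, has to be done without sending the password (or its full hash) to anyone. The following added example, not code from the article or from any particular password manager, shows the k-anonymity range query that services such as Have I Been Pwned's Pwned Passwords API use: only the first five hex characters of the SHA-1 hash leave the client, and the remaining 35 characters are matched locally against the returned list. The range responses below are constructed for the demo and stand in for the network call; only the SHA-1 suffix of "password" in the first entry is genuine, the counts and other suffixes are made up.

```python
import hashlib


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password: str):
    """Only the 5-hex-char prefix is sent; the 35-char suffix stays on the client."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def count_in_range_response(suffix: str, response_text: str) -> int:
    """Scan the 'SUFFIX:COUNT' lines of a range response for our suffix."""
    for line in response_text.splitlines():
        cand, sep, count = line.strip().partition(":")
        if sep and cand.upper() == suffix:
            return int(count)
    return 0


def breach_count(password: str, fetch_range) -> int:
    """Number of times the password appears in the breach corpus (0 = not found).
    `fetch_range(prefix)` must return the response body for that prefix."""
    prefix, suffix = split_for_range_query(password)
    return count_in_range_response(suffix, fetch_range(prefix))


# Constructed stand-in for the network call. A real client would GET
# https://api.pwnedpasswords.com/range/<prefix> and parse lines of the same
# shape. Counts and all but the first suffix are invented for this demo.
CONSTRUCTED_RANGES = {
    "5BAA6": "\n".join([
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",   # genuine SHA-1("password") suffix
        "1D2E9AC4F6A7B8C9D0E1F2A3B4C5D6E7F8A:2",
        "2F3A4B5C6D7E8F9A0B1C2D3E4F5A6B7C8D9:17",
    ]),
}
DEFAULT_RANGE = "\n".join([
    "0A1B2C3D4E5F60718293A4B5C6D7E8F9A0B:5",
    "FEDCBA9876543210FEDCBA9876543210FED:1",
])


def fake_fetch_range(prefix: str) -> str:
    """Offline replacement for the HTTP request; returns a constructed response."""
    return CONSTRUCTED_RANGES.get(prefix.upper(), DEFAULT_RANGE)


if __name__ == "__main__":
    for candidate in ("password", "Tr0ub4dor&3xample-Str0ng!"):
        prefix, _ = split_for_range_query(candidate)
        n = breach_count(candidate, fake_fetch_range)
        verdict = f"seen {n} times, change it" if n else "not in the corpus"
        print(f"{candidate!r}: sent prefix {prefix}, {verdict}")
```

The privacy property is in `split_for_range_query`: a five-character prefix covers roughly one millionth of the SHA-1 space, so the service learns only that the password hashes into a bucket of several hundred candidates, never which one. A manager that stores vault entries already hashed can run this check for every entry on a schedule, which is how the "needs to be changed" alert is produced.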
Have questions or want to learn more?
If you want to learn more about password security, we invite you to get in touch with us for a no-obligation password management review and consultation.
Kevin joined WIN Technology in 2009 and is currently responsible for establishing and maintaining the company-wide information security programs at WIN, which include security operations, incident response, vulnerability management, identity management, network security, server security, cloud security, disaster recovery, risk management, security policies and procedures, red team efforts (offensive attack simulation), blue team efforts (defensive monitoring and mitigation), governance and compliance. He holds 9 cybersecurity certifications from SANS/GIAC: GXPN, GPEN, GCDA, GCED, GCIH, GPYC, GWAPT, GDAT and GAWN.