The Best Password Policy Practices

In an effort to increase security, application designers and system administrators are enforcing longer and more complex passwords. The new challenge is that passwords become tougher to remember. As a result, people often resort to using similar patterns, or even reusing passwords across multiple accounts. This is a potential risk for individuals working in small to medium-sized businesses.

A study conducted by Verizon deduced that 63% of small-business hackers took advantage of weak passwords. Even more alarmingly, 93% of them took under 10 minutes to hack their way in. These figures come from 2016, so can you imagine the cyber attack landscape of today?

By implementing the following practices, you can protect yourself and your company from cyber criminals.

Don’t pick a weak password

In an era where technology influences every business process, people continue to use the worst password choices to protect sensitive data. It is not uncommon for small to medium-sized businesses to pick ‘12345’ or ‘password’, or to use the default system password, when setting up new accounts.

As a rule, when creating a password, avoid simple patterns (no sports teams or Star Wars catch phrases) or words that can be easily guessed. Experts suggest something that’s 12 characters or longer and that incorporates letters, numbers and symbols. Make note: a nonsensical string of random characters takes only three days to crack, but four simple words create a passphrase that would take a computer roughly 550 years to guess.
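An added example, not part of the original article, that turns the rules above into a check and shows how the passphrase figure depends on the attacker's guess rate. The deny-list and word list are constructed for illustration, and the 2,048-word list size and 1,000 guesses per second are assumptions chosen because they reproduce the roughly 550 years quoted above.

```python
import math
import secrets
import string

# Constructed deny-list; a real deployment would load a breached-password list.
DENY_LIST = {"12345", "password", "admin", "changeme", "letmein"}
# Constructed mini word list; real passphrase lists hold thousands of words.
WORDS = ["anchor", "basket", "copper", "dragon", "ember", "falcon",
         "garden", "harbor", "island", "jungle", "kettle", "lantern"]

def policy_violations(password, min_length=12):
    """Return the rules from the article that this password breaks."""
    problems = []
    lowered = password.lower()
    if lowered in DENY_LIST:
        problems.append("on deny-list of weak or default passwords")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbols")
    # Simple pattern: four ascending characters in a row, e.g. "1234", "abcd".
    if any(all(ord(lowered[i + k]) - ord(lowered[i]) == k for k in range(4))
           for i in range(len(lowered) - 3)):
        problems.append("contains a simple ascending sequence")
    return problems

def passphrase(n_words=4, words=WORDS, sep="-"):
    """Join words picked with a CSPRNG (secrets), not the random module."""
    return sep.join(secrets.choice(words) for _ in range(n_words))

def passphrase_bits(n_words, list_size):
    """Entropy in bits when every word is chosen uniformly at random."""
    return n_words * math.log2(list_size)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at a fixed guess rate (assumed rate)."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    for pw in ["12345", "password", "Tr1cky-enough#Long"]:
        print(repr(pw), policy_violations(pw) or "ok")
    bits = passphrase_bits(4, 2048)  # assumed 2,048-word list
    print(passphrase(), f"(demo list) | {bits:.0f} bits:",
          f"{years_to_exhaust(bits, 1_000):.0f} years at 1,000 guesses/s,",
          f"{years_to_exhaust(bits, 1e9) * 8766:.1f} hours at 1e9 guesses/s")
```

The same 44-bit passphrase that lasts centuries against a throttled online login falls in hours to a fast offline attack on a stolen hash, so length and word-list size should be sized for the offline case.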

Use multi-factor authentication

With daily dependencies on online services such as VPNs, online banking and messenger systems on the rise, the need for all the data transferred or communicated through these services to be protected has also risen. Companies recognize this and now offer the option for an additional step between entering your password and gaining access to your account. This option is better known as multi-factor authentication. Typically, a code is sent to the phone number you’ve connected to the account each time you type in your password to ensure you are who you say you are. Of course, it takes a little longer to enter the site, but it has proven to be one of the best ways to ward off intruders.

Be wary of phishing

As security measures tighten, the people trying to overcome them work harder and smarter. Phishing scams now look more legitimate and may fool you into handing over passwords or other confidential details. Therefore, it is imperative that you do not change your password via stray emails that come into your inbox. If you do have to change a password, it is best to verify it through email communication first, or change it via the website directly.

Consider a password manager

Social media accounts, email accounts, messenger accounts, workplace accounts are just a few examples of the myriad accounts the average individual needs access to daily. With more accounts come more passwords -- so many that by 2020 the average number of accounts per Internet user will be 207. Are you prepared to remember 207 passwords? Fortunately, there is already a solution to that problem: password managers. Password managers keep track of all the usernames and passwords you use on various sites. They also boost safety and save time by automatically filling in the username and password fields. What’s more, this software also synchronizes your passwords across different devices, meaning you won’t be lost if you log onto a site from your mobile device but initially registered your account via a laptop or PC. Here is a list of the top password managers on the market as of 2018.

Don’t share your password

Last but not least, don’t share your password! Take heed of the recent research conducted by Norton stating that close to 30% of millennials are likely to share theirs, including ones associated with their bank account. Avoid becoming one of those people at all costs.

Looking to bolster more than just your password? How about your entire IT infrastructure? Call XBASE today to learn how.