Clean Out Those Skeletons from Your Password Closet
Everyone knows that comprehensive password management must be a priority in today’s day and age. Most of us can’t make it through the day without inputting a password at least once. In fact, the majority of people have to use numerous passwords as part of their job.
Despite how common passwords have become, we still do not treat them with the seriousness they deserve. Unfortunately, this is exactly what hackers are hoping for. One lazy mistake when it comes to passwords is all it takes to get your password stolen. From there, a hacker could do all kinds of damage to you and/or your company and customers. In the process, they could also get you in trouble with the law.
Therefore, let’s take a moment to review some easy steps anyone can take to ensure their passwords remain effective tools for protection.
Aim for Complexity
Usually, complexity is considered a bad thing—the simpler, the better and so forth. This is especially true when it comes to IT. However, as far as passwords go, complexity should really be your goal. With passwords, the simpler they are, the easier it will be for a hacker to crack them. Keep in mind, too, that most hackers use software for this. They won’t waste their time guessing one combination of characters after the next. Instead, they’ll put a program on the job, meaning a simple password may only take a minute or two to guess. Strong passwords are made up of lowercase and uppercase letters, numbers and special characters (e.g. $, %, &).
A really good idea is to combine words that wouldn’t otherwise be used in the same sentence. Don’t necessarily choose movie quotes or famous expressions, then, but just random combinations like “EatSurfPuppy” and then some of the aforementioned characters.
Avoid Easy Options
As we mentioned above, stay away from obvious passwords. This probably doesn’t need repeating, but it’s still worth bringing up because some 75% of successful attacks on corporate networks involve simple, easily cracked and obvious passwords. Default passwords like “password” and “admin” should always be avoided. It’s not a bad idea to avoid whole words altogether, too.
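The two sections above amount to a checklist: length, a mix of character classes, no default or dictionary passwords, and random word combinations with a few extra characters tacked on. The script below is an added example (not part of the original post) that turns that checklist into a policy check and a passphrase generator in the “EatSurfPuppy” style. The blocklist, word list and minimum length are constructed for illustration; a real deployment would load a full breached-password list and dictionary.

```python
import re
import secrets
from typing import List, Optional

# Constructed blocklist of default/common passwords (assumption: a real system
# would load a much larger breached-password list).
COMMON_PASSWORDS = {"password", "admin", "123456", "qwerty", "letmein", "welcome"}

# Constructed word list for generating passphrases (assumption: use a real
# dictionary of several thousand words in practice).
WORD_LIST = ["eat", "surf", "puppy", "lamp", "river", "cactus",
             "violin", "maple", "orbit", "pixel", "saddle", "thunder"]

SPECIAL = "$%&!#@*?"
MIN_LENGTH = 12  # constructed policy value


def check_password(password: str) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("matches a default/common password")
    # "Avoid whole words": strip digits and symbols and see whether what is
    # left is just one dictionary or common word (e.g. "Password1!").
    core = re.sub(r"[^A-Za-z]", "", password).lower()
    if core in COMMON_PASSWORDS or core in WORD_LIST:
        problems.append("built on a single whole word")
    return problems


def generate_passphrase(word_count: int = 3, rng: Optional[secrets.SystemRandom] = None) -> str:
    """Join random capitalised words and append two digits plus two special characters.

    Uses the OS CSPRNG by default; a seeded random.Random may be passed for tests.
    """
    rng = rng or secrets.SystemRandom()
    words = [rng.choice(WORD_LIST).capitalize() for _ in range(word_count)]
    suffix = str(rng.randrange(10, 100)) + rng.choice(SPECIAL) + rng.choice(SPECIAL)
    return "".join(words) + suffix


if __name__ == "__main__":
    for candidate in ["password", "Password1!", "EatSurfPuppy$7%"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
    fresh = generate_passphrase()
    print(f"generated {fresh!r}: {check_password(fresh) or 'OK'}")
```

Running the script shows “password” and “Password1!” failing on several counts while the three-word passphrase with digits and symbols passes, and every generated passphrase satisfies the same check by construction.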
Sharing Isn’t Caring (About Your Password)
Growing up, you may have been told that sharing is caring. Well, when it comes to your passwords, if you share, you clearly don’t care. That’s because most companies have very strict rules against sharing passwords. If you’re dealing with customers’ credit card information, health data or other sensitive info, sharing could also come with some pretty serious legal ramifications.
In any case, sharing is never a good idea. Aside from the fact that your coworker may eventually decide to use your password for something unethical, they may also write it down and leave it someplace insecure. This is just one way your well-intentioned sharing could backfire in a big way.
Don’t Recycle Passwords
Here’s another example of good advice that is awful when applied to passwords. Recycling aluminum and plastic is awesome. Recycling passwords is what hackers dream of. When you use a password for multiple systems, all a hacker has to do is crack one and they can crack all the others. Don’t make their lives this easy.
For the same reasons, you want to be changing your passwords regularly. If a hacker gets hold of one of yours, they most likely won’t be quick to make this obvious. They’d be much better served by lying low and enjoying the fruits of their labor for as long as possible. If you change your passwords regularly, you can greatly limit the damage a hacker can do, even if you never find out they had access.
Store Your Passwords Securely
Memorizing passwords is no longer a sound approach to managing them. A lot of people have close to a dozen passwords. Recall how complex they need to be and you can understand why so many are tempted to write theirs down somewhere. For this reason, it’s only natural to look for storage options; just be sure your employees use secure ones.
A far better method for having many complex passwords would be single sign-on (SSO) software. With SSO, employees only have to remember one password, which then grants them access to all the systems they need.
For even better results, add MFA (multi-factor authentication) to the mix. No one will be able to access the SSO software unless they can provide at least two types of identification (you can require as many as you want). This could be a password in the traditional sense plus a PIN sent to their cellphone or generated by a token. Biometric credentials can be used too.
Rely on a Central Location
The more assets you add to your password management, the more you’ll need a central location to oversee them all. This will make everything from updating various requirements to automating password generation far easier.
Create a Strong Management Policy
Finally, none of the above will do much good if employees eventually create their own password management approaches. While you should definitely listen to what employees have to say about password management—their input from the trenches is invaluable—you also have to be clear in what your company demands. At the end of the day, the policy you put in place cannot be up for negotiation or it won’t do much good.
Make certain your employees understand that password management is a priority and explain why this is. Among other things, you should spell out any legal consequences that might befall an employee who doesn’t carefully guard their passwords according to the guidelines you put in place.