Password Encryption and Security: Best Practices
Password security is easy, right? These days, programs and sites make you choose a complex password with at least one number, one symbol, one capitalized letter, etc. Besides, sites and programs encrypt all of that information. Right?
Unfortunately, it’s not that easy. Sites and web applications often give their users a false sense of security with their complicated password requirements and SSL encryption claims. In reality, complex password requirements may make it easier for a hacker to guess your password, as it provides them with a strategy for guessing a password based on a site or program’s password requirements and limitations. And encryption offers limited protection—hackers can analyze the encrypted password “hash” from a collected database and effectively reverse passwords from it.
Your business can’t afford the consequences of a data breach. Rather than relying upon the password requirements or encryption of a site or application, your best bet for password security is to create strong passwords and back them with a second layer of security.
Here are some tips for creating strong passwords:
- Never, ever use the word “Password”, the number sequence “123,” or the name of the program or app in your password. These are very commonly used and, therefore, easy for hackers to guess.
- Always change the default password that came with a program, device, or site.
- Change your passwords at least every three months.
- Get creative. Think of a password that even your best friend or spouse would never come close to guessing.
Beyond Strong Passwords
Creating strong passwords is an absolute must when protecting yourself and your network. But it’s important be aware that even the strongest of passwords provides only one layer of security—a layer that, historically, advanced hackers have been able to penetrate again and again. Using only passwords for authentication (single-factor authentication) can involve great risk, especially for businesses and organizations. After all, it only takes one employee’s compromised password to jeopardize your entire system.
For these reasons, I recommend that all of business clients (and anyone very concerned about sensitive data, etc.) consider multi-factor authentication software.
What is multi-factor authentication? Multi-factor authentication (MFA) requires users to present two or more of the three common authentication “factors” in order to gain access to a system: something you know (like a password), something you have (like a token or mobile device), and something you are (like a fingerprint or iris scan).
MFA is growing in popularity and will likely be commonplace in the near future. Cost-effective soft tokens and convenient mobile applications have made MFA systems much more accessible to everyday users and businesses of all sizes.
Consistently using password security best practices ensures that you’re strengthening your passwords to protect yourself and your business from a potentially disastrous security breach or phishing attack. But, only switching to a multi-factor authentication system will truly make your system impenetrable to outside attackers.