The Do's and Don'ts of Password Management
No matter how sophisticated our digital security measures become, passwords are always going to play a big role. This is why password management absolutely must be a priority at your company. The security of your entire organization rests on people choosing good passwords and then keeping them safe. Here are some do’s to implement and don’ts to avoid in order to maintain security.
Do: Make Complex Passwords
One of the reasons a lot of people have soured on the idea of passwords is because so many people pick really awful ones. A simple password is going to be very easy to hack. It’s as simple as that. If someone who knows you wants access to a system, they’ll probably have a pretty good idea of what your password is. They’ll know your birthday, those of your family members, your loved ones’ names, your address, favorite band, etc.
However, even if you try to pick something harder to guess like spelling out your favorite number and then adding it at the end or your mother-in-law’s maiden name plus the year she was born, you’re going to run into problems. That’s because hackers these days have become particularly fond of a tactic known as brute force. As the name suggests, it’s a method that lacks elegance, but is no less effective.
Basically, a brute-force attack is a program that tries one combination of characters after the next at lightning-fast speed until it finds the right password.
This is why complex passwords are necessary. You should go with at least 12 characters to make brute force attacks more difficult. Then pick something extremely hard to guess so no one close to you stands a chance.
Try something like your favorite sports team, minus the vowels. “Minnesota Timberwolves” would be “MnnstTmbrwlvs.” Then add the name of the system you’re accessing, again minus the vowels. Add the year you were born, one number at a time, between every word. This kind of thing is easier for you to remember and nearly impossible to hack.
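As an added illustration (not from the original article), the Python sketch below checks a candidate password against the two rules in this section: at least 12 characters, and nothing built from details someone close to you would know. It also estimates how long a blind brute-force run would take. The function names, the sample details and the guessing rate are assumptions made for the example.

```python
import math
import re

MIN_LENGTH = 12  # minimum length recommended in the article

def personal_tokens(details):
    """Break personal details (names, dates, addresses) into lowercase tokens."""
    tokens = set()
    for value in details:
        for part in re.findall(r"[a-z]+|\d+", value.lower()):
            if len(part) >= 3:  # skip fragments too short to be meaningful
                tokens.add(part)
    return tokens

def charset_size(password):
    """Size of the alphabet a blind brute-force run would have to cover."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]
    return sum(size for pattern, size in classes if re.search(pattern, password))

def audit(password, details, guesses_per_second=1e10):
    """Apply the article's length and guessability rules to one password.

    guesses_per_second is an assumed attacker speed, not a measured figure.
    """
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    lowered = password.lower()
    hits = sorted(t for t in personal_tokens(details) if t in lowered)
    if hits:
        findings.append("contains personal details: " + ", ".join(hits))
    # Exhaustive-search cost; it only holds if the characters are unpredictable.
    bits = len(password) * math.log2(charset_size(password)) if password else 0.0
    seconds = 2.0 ** bits / guesses_per_second if bits < 1000 else math.inf
    return {"findings": findings, "personal_hits": hits,
            "search_space_bits": round(bits, 1), "worst_case_seconds": seconds}

# Constructed sample data: a fictional user's details and candidate passwords.
DETAILS = ["Rover", "1984-03-17", "12 Elm Street"]

if __name__ == "__main__":
    for candidate in ["Rover1984", "q7#Lm2$vXp9!wT"]:
        print(candidate, audit(candidate, DETAILS))
```

The substring match only catches details that appear verbatim, so a date written in a different format or a name with letters swapped will pass this check.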
Do: Educate Your Users
Human error is a hacker’s best friend. Just because you know how to keep your passwords secure and take this kind of security seriously doesn’t mean that your employees are on the same page.
Send out regular reminders to change passwords and educate your employees on why this is so important. You can even send out articles about companies that were recently hacked because an employee let their guard down.
Do: Implement a Password Management System
Without the right software, human error is always going to be a huge risk. Think about all the passwords your employees need to do their job every week. Now consider how difficult it is for them to remember the type we mentioned in the first section for all these accounts. Sooner or later, these demands are going to break an employee, which means they could leave your company open to attack.
The way around this is with SSO (Single Sign-On). It provides one portal your employees must access in order to gain access to all the other apps that they need for the day. It’s like a vault they open to use all the passwords they need. However, many versions make it even easier by handling the signing in for them automatically.
Don’t: Reuse Passwords across Accounts
Reusing passwords over multiple accounts is asking for trouble. The second one of them gets hacked, all of your other accounts are now in trouble. Any hacker out there knows that people love making this mistake too. If they’re going after businesses, they’re also going to know that most employees have to use a collection of platforms on any given day, so they’ll get busy trying one after the next.
Don’t: Keep Passwords Anywhere Unsafe
We often talk about hackers when it comes to password security and they are definitely a threat. However, it’s also important to think about being vulnerable to those who are less tech-savvy. If you’re leaving passwords somewhere unsafe, you’re only increasing the number of people who could find them.
This includes writing them down somewhere and keeping them in an unsecured location like a drawer in your desk or under your keyboard. Even something like an Excel sheet is a bad idea. If you leave your desk unlocked while you use the restroom or your laptop is stolen, those passwords are as good as stolen as well.
Don’t: Let Your Passwords Go Stale
A lot of times, when someone’s computer or software isn’t working properly, they automatically assume they’ve been hacked. However, this is a fairly ignorant way of thinking about hacking.
Yes, it’s true; sometimes hackers want nothing more than to cause trouble. They take glee in knowing people are frustrated or unable to get their work done. These are usually the hacks we hear about on the news, but that’s because those are the types of hacks that are most likely to get noticed.
The truth is that most people have no idea when their systems have been compromised. If a competitor hacked into your email, do you think they’d want you to know they were there? Of course not! They have access to a treasure trove of information and are only getting more and more of it every day. They’d much rather lay low and enjoy all this free help.
This is why you have to change your passwords regularly. If someone has gotten into your system, a lot of times the only way to get your security back is simply by changing your password so they can’t access it again. It’s crazy to think about how much damage can be avoided with just this one simple practice.
As long as you take the above advice to heart, you can sleep well at night knowing your company won’t be victimized for something as silly as having a password stolen or hacked. When you consider the potential consequences, this is really a no-brainer.