Are your passwords up to par with the latest recommendations from industry giants and cybersecurity experts? A decade-old password may not be as strong as you think…
Happy World Password Day! Yes, May 4 is celebrated around the world, well, at least by us techies.
World Password Day is an important day in the IT professional’s calendar because it reminds us to double-check the way we create, store and manage our passwords. If you’re not sure about your password policies, then you need to make sure you’re up to date with the latest best practices…
The Importance Of Passwords
Passwords are the foundation of cybersecurity.
Whether it’s the PIN for your credit card or the password for your email account, these strings of alphanumeric codes are a critical part of keeping your private data and your finances secure.
Are you sure your passwords are strong enough? Do you have all of the associated best practices in place?
There’s no better time than now to find out. If you haven’t thought about the strength and effectiveness of your passwords in a few years, then they’re almost certainly due for an update.
After all, the way we think about passwords has changed a lot…
Password Best Practices—Then
Not too long ago, the secret to a strong password wasn’t terribly complicated. That said, some of the best practices we suggested were less than ideal—and in some cases, outright wrong in hindsight:
Use A Passphrase
Do you have a particular catchphrase that you’re always repeating? Or a memorable quote or saying that really resonates with you?
Choose a phrase that is easy for you to remember and take the first letter of each word. For example, the phrase “Strangers waiting up and down the boulevard” would translate into “swuadtb”.
Expand The Passphrase
A password becomes more effective as its character length increases. Having a password that is at least six characters long is a good baseline to go by.
So using our example from above, we can lengthen it by adding the website name that we are using it for or a company name: “swuadtbGmail”.
Incorporate Alphanumeric Characters
Strengthen our sample password by adjusting the case of some of the letters and swapping in symbols.
By doing this, we make our password more unique and less predictable, even if a hacker is using dictionary attacks. In this situation, our password could read as follows: “Swu@DtbGm@iL”.
Update On A Regular Basis
A simple way to continually protect your network is to rotate through a string of passwords so that every week, you’re using a different password. This makes your network more resistant to brute force hacker attacks.
While some of these best practices are right in spirit, some of them are actively harmful to cybersecurity. You should never use the name of the associated website in your password (e.g., “gmail” for your Gmail account), and you shouldn’t keep a string of passwords that you rotate through on a weekly basis.
Fortunately, best practices have been updated since we first posted that blog…
Password Best Practices—Now
Implement A Password Policy
Whether it’s for your family or your employees, make sure that everyone is following the standard password best practices. At their most basic, this includes:
- Passwords must be at least 8 characters long
- Passwords should be reset on a regular basis, at least once per year
- Passwords need lower and upper case characters, numbers, and symbols
- Passwords cannot contain common words
Consider Password History
Make sure that you’re not using passwords you’ve used in the past. These could have been compromised without you knowing about it—make sure that every time you create a password, it is entirely new to you.
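As an added illustration (not code from the original post), the policy rules listed above, the password-history check and the earlier warning about site names can be combined into one validator. The word list, the PBKDF2 round count and all function names are assumptions made for this example; history is kept as salted hashes so old passwords are never stored in plain text.

```python
import hashlib
import hmac
import os
import re

# Constructed sample list; a real deployment would load a much larger one.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "dragon"}
PBKDF2_ROUNDS = 100_000  # assumed work factor for this example

def hash_password(password, salt=None):
    """Return (salt, digest) so history can be stored without plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def in_history(password, history):
    """True if the password matches any stored (salt, digest) pair."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )

def check_password(password, history=(), site_name=""):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for label, pattern in [("lower case", r"[a-z]"), ("upper case", r"[A-Z]"),
                           ("number", r"[0-9]"), ("symbol", r"[^A-Za-z0-9]")]:
        if not re.search(pattern, password):
            problems.append(f"missing {label} character")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common word")
    if site_name and site_name.lower() in lowered:
        problems.append("contains the site name")
    if in_history(password, history):
        problems.append("previously used")
    return problems
```

Run against the older examples from this post, “swuadtb” fails on length and character classes, “swuadtbGmail” is flagged for the site name, and “Swu@DtbGm@iL” still lacks a number.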
Always Log Out
Unless you’re using a personal device that is only accessible by you, you and your employees should always log out when leaving a device at the end of the day. Furthermore, you should be in the habit of locking your screen when stepping away from the device, even if only for a few minutes.
Update Your Passwords
Say a site you’ve signed up for and made purchases from, or planned to make purchases from, gets hacked. Whatever password you had used for it is no longer secure.
The good news is that there’s a simple way to protect against this—change your passwords on a regular basis. That way, it doesn’t matter if a hacker has an old password from three years ago from that website you don’t use.
Use A Password Manager
If you’re not repeating passwords, then you won’t be vulnerable to further breaches when a hacker gets your info.
But that’s easier said than done, right? As we explored above, you have a lot of different accounts—so how can you be expected not to repeat a memorable password here or there?
It may be nearly impossible to do on your own, which is why you should use a password manager. A password manager generates, keeps track of and retrieves complex and long passwords for you to protect your vital online information.
It also remembers your PINs, credit card numbers and three-digit CVV codes if you choose this option. Plus, it provides answers to security questions for you. All of this is done with strong encryption that makes it difficult for hackers to decipher.
Implement Multi-Factor Authentication
MFA is a secondary layer of verification, beyond the simple username and password combination required for most logins.
By requiring a second piece of information (such as a randomly-generated numerical code sent to a mobile device or a fingerprint scan), it’s that much more likely that the person using the login credentials is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.
Don’t Underestimate The Importance Of Your Passwords
At the end of the day, managing a long list of complex passwords can be frustrating, but it’s a key part of your personal and professional security.
Take the time to develop a strong set of passwords before you get hacked, not after.