Password Best Practices
August 27, 2019
System passwords are one of the most commonly implemented security solutions. They are a basic, often mandatory, bare-minimum approach to security. But a strong password is one of the easiest ways to defend your data. A recent Verizon Data Breach Report states that “81% of hacking-related breaches leveraged either stolen and/or weak passwords.” Here is how you can reduce your company’s risk with user education and these password best practices.
Avoid the Obvious –
Passwords like Password1! or LogMeIn have been used again and again. Cybercriminals have a database of commonly used passwords; if yours is on the list, you are not secure.
Use a STRONG Password –
A “strong” password should be at least 10 characters long. It should include multiple upper and lowercase letters, numbers and special characters.
Avoid “Dictionary” Words –
Avoid using single words that can be found in the dictionary. Criminals leverage automated software that can launch dictionary attacks, where the program will spam the password field with ordinary words at a high rate. This attack will also add trailing characters and numbers to the dictionary words, which makes the password “August1!” as insecure as “August”.
Use Different Passwords for Different Accounts –
You should always use a different password for different accounts. Your email password needs to be completely different from your Amazon password, so Hunter2 and Hunter3 are not different enough to be considered secure. This way, if one password is leaked or stolen, not all of your accounts are compromised.
Use a Passphrase –
The passphrase is considered one of the best options to keep your accounts secure. This technique uses a phrase or a sentence instead of just a word or two. A passphrase is nearly impossible to guess and is immune to most dictionary attacks. Plus, passphrases are actually easier to remember. For example, $ummer1sMyF@vor1teSe@s0n* is easy to remember but hard to crack.
Change Passwords Often –
This one is easy: change your password every 90 days. If your password is leaked or stolen, changing it regularly can mitigate the risk of a breach.
Keep Name/Username Out –
Cybercriminals know people like to keep it simple, so they will always attempt a variation of your username. In fact, don’t use any personal info, such as your pet’s name, the street you live on or the year you graduated. This information is not difficult to find.
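The rules above (common-password list, length and character mix, dictionary words with trailing characters, personal details) can be enforced automatically when a user sets a password. The sketch below is an added example, not part of the original article; the function name, the tiny constructed word lists and the reading of "multiple" as two or more are assumptions.

```python
import re

# Constructed sample lists (assumption): a real deployment would load a
# breached-password corpus and a full dictionary instead.
COMMON_PASSWORDS = {"password1!", "logmein", "hunter2"}
DICTIONARY = {"august", "summer", "password", "hunter"}


def check_password(password, username="", personal_info=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()

    # Avoid the Obvious: reject anything on the common-password list.
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")

    # Use a STRONG Password: at least 10 characters, mixed character classes.
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    if len(re.findall(r"[A-Z]", password)) < 2:
        problems.append("fewer than two uppercase letters")
    if len(re.findall(r"[a-z]", password)) < 2:
        problems.append("fewer than two lowercase letters")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")

    # Avoid "Dictionary" Words: dictionary attacks append digits and symbols,
    # so strip trailing non-letters before the lookup ("August1!" -> "august").
    core = re.sub(r"[^a-z]+$", "", lowered)
    if core in DICTIONARY:
        problems.append("dictionary word plus trailing characters")

    # Keep Name/Username Out: no username or personal detail inside the password.
    for item in (username, *personal_info):
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal detail: {item}")
    return problems


if __name__ == "__main__":
    for candidate in ("Password1!", "August1!", "$ummer1sMyF@vor1teSe@s0n*"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Run at password-change time, a check like this rejects “August1!” for the same reason the dictionary attack finds it, while the passphrase from the article passes every rule.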
Don’t Store Passwords –
Do not write your password down and stick it under your keyboard or mouse pad. Don’t even save it as a Word document on your computer or as a note on your phone. The fewer places your password is documented, the lower the chance of a breach.
Use a Password Manager –
If you want to avoid having to constantly change and remember different passwords for different sites, you can use a password manager. These tools will create very strong passwords for all of your accounts. As long as you create a strong “master password”, you will only ever have to remember one password. Check out Dashlane or LastPass if you are interested in a free password manager.