Password Protection Best Practices: Keeping Your Business Safe
Are You Up-To-Date with Password Protection?

Because business environments are now so entrenched in digital practices, password protection is more important than ever. Weak password practices expose your organization to hackers who want to steal valuable information from you. Password protection is not only one of the strongest defenses against such perils, it is also among the easiest and most accessible to employ.

So, what are the most important password practices to keep in mind to protect your business?

Require long passwords

When the world was first going through the digital revolution, people didn’t understand that protecting privacy and confidentiality required strong passwords. Too often people chose passwords that were not secure, such as their kid’s name or their street address. While we’ve learned a lot over the past few decades about what makes a password secure, too many people still rely on short passwords that are easy to type and remember. But passwords that are easy to type and remember are also easy to crack and easy to hack.

To make a password more difficult for cyber criminals to crack, businesses should require passwords to be longer and to use a mix of letters, numbers, and symbols. Many users may fear such requirements. The National Institute of Standards and Technology, however, recommends creating long phrases that include spaces to make passwords easy to remember. Phrases or sentences with a personal connection, for example, can be very effective. In the end, though, password protection is too important to ignore for the sake of convenience.

Blacklist passwords that are too common

Hackers trying to crack passwords will commonly start by systematically going through databases of popular passwords, dictionary words, or other common features. Businesses can also access these lists of the most common passwords and block users from choosing them, thus preventing weak passwords from being used.

Use two-factor authentication

A practice that’s becoming increasingly common in today’s environment is requiring users to use two-factor authentication. Knowledge of a username and password is just one ‘factor’ of authentication, and it can be illicitly gained. A second factor of authentication could be a one-time code sent to the user’s cell phone, or a designated USB token. The likelihood that a hacker gains access to this second factor in addition to a password is drastically lower than the likelihood of obtaining a password alone. This means that your enterprise is much safer with two-factor authentication.

Encrypt passwords

Sometimes enterprises store passwords in files written in plain text. Hackers who compromise those systems will immediately have access to all those accounts. Password encryption is an additional layer of protection: it ensures that if cyber criminals were to access your database of usernames and passwords, they would still be unable to decipher those passwords.
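The length requirement, the common-password block and the protected storage described above can be combined in one registration step. The following is an added example, not code from the original article; it protects stored passwords with salted one-way hashing (scrypt) rather than reversible encryption, and the minimum length, the sample blocklist, the cost parameters and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

MIN_LENGTH = 12  # assumed policy value; the article does not give a number
# Constructed sample blocklist; a real deployment would load a much larger list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1234"}
# scrypt cost parameters (assumed values; tune them for your hardware).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def policy_violation(password: str) -> Optional[str]:
    """Return the reason a password is rejected, or None if it is acceptable."""
    if len(password) < MIN_LENGTH:
        return "too short"
    # Compare case-insensitively so "Password1234" is caught as well.
    if password.strip().lower() in COMMON_PASSWORDS:
        return "too common"
    return None


def hash_password(password: str) -> str:
    """Derive a salted scrypt hash; only this record is stored, never the password."""
    salt = secrets.token_bytes(16)  # fresh random salt per account
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return f"{salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    salt_hex, key_hex = record.split("$")
    key = hashlib.scrypt(password.encode("utf-8"),
                         salt=bytes.fromhex(salt_hex), **SCRYPT)
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


def register(password: str) -> str:
    """Apply the policy, then return the record to store for the account."""
    reason = policy_violation(password)
    if reason is not None:
        raise ValueError(f"password rejected: {reason}")
    return hash_password(password)
```

Because each record carries its own random salt, two users who choose the same password end up with different stored values, and a stolen database does not reveal the passwords directly.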

Train employees and users

As with any security system, physical or cyber, best practices are fruitless unless they are followed. It is the responsibility of the enterprise to ensure employees and users are aware of and compliant with these password protection practices. Employees should attend a mandatory annual cyber-security refresher course. Additionally, all new policies and procedures should be communicated well in advance of implementation. This will give employees time to ask questions and get comfortable with the changes.

