Are You Up-To-Date with Password Protection?
As business environments have become entrenched in digital practices, with data and proprietary information stored in the cloud, password protection is more important than ever before. Weak password practices leave your organization vulnerable to malicious actors who want to steal valuable information from you and/or your practice. Password protection is not only one of the strongest defenses against such perils, it is also among the easiest and most accessible to employ.
So, what are the most important password practices to keep in mind to protect your business?
Require long passwords
When the world was first going through the digital revolution and coming to understand that privacy and confidentiality required password protection, the passwords people chose were too often insecure. We’ve learned a lot over the past few decades about what makes a password secure, yet too many people still rely on short, insecure, easy-to-crack passwords. To make passwords more difficult for cyber criminals to crack, businesses should require them to be longer and to use a mix of letters, numbers, and symbols. While many users may fear such requirements and the difficulty of remembering such passwords, the National Institute of Standards and Technology recommends creating long phrases that include spaces to make them easy to remember, such as phrases or sentences with a personal connection. In the end, though, password protection is too important to ignore for the sake of convenience.
Blacklist passwords that are too common
Malicious actors trying to crack passwords will commonly start by systematically going through databases of the most popular passwords, dictionary words, or other common patterns. Businesses can also access these ‘most common passwords’ lists and block users from choosing anything on them, thus preventing weak passwords from being used.
Use two-factor authentication
A practice that’s becoming increasingly common in today’s environment is requiring users to use two-factor authentication, or at least giving users the option to do so. Knowledge of a username and password is just one ‘factor’ of authentication, and it can be illicitly gained. A second factor to confirm a user’s identity could be a one-time code sent to the user’s cell phone or a designated USB token. The likelihood that a malicious actor gains access to this second factor in addition to a password is drastically lower than the likelihood of obtaining a password alone, meaning the enterprise is much safer with two-factor authentication.
When enterprises store passwords in a plain-text file, hackers who compromise those systems immediately have access to all of those accounts. Password encryption is an additional layer of protection that ensures that, if cyber criminals were to access your database of usernames and passwords, they would still be unable to decipher those passwords.
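The length, blocklist and storage practices above, shown together as an added Python example that is not part of the original article. The 12-character minimum, the five-entry blocklist and the PBKDF2 iteration count are assumptions, and storage here uses a salted one-way hash (PBKDF2-HMAC-SHA256) rather than reversible encryption.

```python
import hashlib
import hmac
import os

# Constructed sample blocklist; a real deployment would load a far larger
# list of commonly used passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1"}
MIN_LENGTH = 12        # assumed minimum; the article gives no number
ITERATIONS = 600_000   # assumed PBKDF2 work factor
SALT_BYTES = 16


def policy_problems(password: str) -> list[str]:
    """Return the reasons a candidate password is rejected (empty = accepted)."""
    problems = []
    # Length is counted in characters; spaces are allowed so passphrases work.
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Compare case-insensitively so "Password" does not slip past the blocklist.
    if password.strip().lower() in COMMON_PASSWORDS:
        problems.append("too common")
    return problems


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def hash_password(password: str) -> bytes:
    """Return salt + derived key; store this value instead of the password."""
    salt = os.urandom(SALT_BYTES)  # unique per user, so equal passwords differ
    return salt + _derive(password, salt)


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, expected = stored[:SALT_BYTES], stored[SALT_BYTES:]
    return hmac.compare_digest(_derive(password, salt), expected)


if __name__ == "__main__":
    candidate = "my dog eats purple socks"  # constructed sample passphrase
    print(policy_problems("Qwerty"), policy_problems(candidate))
    record = hash_password(candidate)
    print(verify_password(candidate, record), verify_password("guess", record))
```

A copy of the stored records does not reveal the passwords directly, and the per-user salt keeps two users with the same password from sharing a hash.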
Train employees and users
As with any security system, physical or cyber, best practices are fruitless unless they are used the right way and implemented every time. It is the responsibility of the enterprise to ensure employees and users are aware of, knowledgeable about, and compliant with these password protection practices. When new protections are added, be sure to educate everyone who will need to use them, and then periodically remind them of these practices so compliance doesn’t slip.
If you want to learn more about how to protect your business from cybersecurity threats, through expert use of password protection practices or other defenses, VanTech is an expert in effectively and efficiently applying the solutions that will most benefit you. Please reach out to VanTech today at (973) 744-1660.