What's the best way to manage your passwords?

October 16, 2019

According to a report, 80% of hacking-related breaches are still linked to compromised, weak, and reused passwords. Yet managing many strong passwords is often difficult, and it can lead to an increase in password resets and other problems related to managing strong passwords.

For a business, secure password management and password best practices are essential. Passwords can protect your website, software programs, and business networks. Passwords keep your business safe from unauthorized entry by ex-employees, curious intruders and, of course, hackers.

So how often should you change passwords? Should you always use a different password for every system and site? How complicated do passwords need to be? Should you use a password manager? And how important is multi-factor authentication?

We offer some tips for ensuring password management best practices for your business.

Define A Policy

Defining your password policy is a great place to start. A password policy is a set of rules covering how you design the combinations of words, numbers and/or symbols that grant access to an otherwise restricted online area.

Viruses are still common in 2019.  Up-to-date anti-virus software and firewalls to block unwanted access are essential. It may sound simple, but make sure your workplace Wi-Fi network is secure; ensure that your router password is selected by you and does not stay as the default password. Adhering to these key elements of best practices can help secure your business in the long run.

Don’t Make It Personal

When it comes to passwords, the more random the better.  Do not use your name or date of birth. Those are the first things a hacker will try. The 8 + 4 Rule is popular and helps you to build passwords that are extremely strong. This rule states that passwords should be constructed as follows:

  • 8 = a minimum length of 8 characters
  • 4 = 1 lower case + 1 upper case + 1 number + 1 special character
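
The 8 + 4 rule and the advice against personal details can be enforced automatically. The following is an added example, not part of the original article; the function names are hypothetical and the personal terms and sample passwords are constructed.

```python
import secrets
import string

MIN_LENGTH = 8  # the "8" in the 8 + 4 rule
CLASSES = {     # the "4": at least one character from each class
    "lower case": string.ascii_lowercase,
    "upper case": string.ascii_uppercase,
    "number": string.digits,
    "special character": string.punctuation,
}

def check_password(password, personal_terms=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, alphabet in CLASSES.items():
        if not any(ch in alphabet for ch in password):
            problems.append(f"missing: {name}")
    # "Don't make it personal": reject names, birth dates, etc. (case-insensitive)
    lowered = password.lower()
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal term {term!r}")
    return problems

def generate_password(length=16):
    """Build a random password that satisfies the 8 + 4 rule."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    # One guaranteed character per class, the rest drawn from all classes.
    chars = [secrets.choice(alphabet) for alphabet in CLASSES.values()]
    everything = "".join(CLASSES.values())
    chars += [secrets.choice(everything) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # hide where the guaranteed ones sit
    return "".join(chars)

if __name__ == "__main__":
    # Constructed sample data: a made-up user and made-up passwords.
    personal = ["jordan", "1984"]
    for candidate in ["Jordan1984!", "password", "tR7#qLm2x"]:
        print(candidate, "->", check_password(candidate, personal) or "OK")
    print(generate_password(), "-> generated")
```

Note that `Jordan1984!` satisfies the 8 + 4 rule on its own and is rejected only because of the personal terms, which is why the two checks belong together.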

Use Different Passwords for Different Accounts

Using the same easy-to-type password on every website and service you use practically rolls out the red carpet for an attacker into your online life.  Make sure every account has a different and unique password.

Use A Password Manager

As a business owner, you need to make sure that all the passwords used within your organization are long, strong, complex, and used for just one account. That’s where a password manager comes into play. It remembers all your online passwords for your email accounts, mobile apps, and other work-related and private accounts. All you have to remember is the single “master” password that unlocks the password manager.

The best password managers allow you to import your passwords from other sources, including your computer’s browser. This is important if you hold tons of account passwords that you don’t want to input manually each time you log in.

Change Infrequently

After decades of conventional wisdom recommending that passwords constantly change, some organizations are abolishing password expirations altogether.  This change in policy is often accompanied by the deployment of multi-factor authentication systems which further increase security.

Regardless of other security measures, evidence suggests that security may not be improved much by requiring frequent password changes.  Computer scientists at Carleton University in the United States studied password expiration policies and concluded that the security advantage is “relatively minor at best and questionable in light of relative costs.”

Add Other Barriers

Instead of changing your password frequently, add an extra layer of security using multi-factor authentication (MFA). With MFA or two-factor authentication, a user is required to provide not only a password to gain access to a system but also another security factor, like a unique one-time access code generated from a token device or a secure mobile app on their smartphone. Systems protected by MFA are almost impenetrable by an outside attack.

If you’re looking for a better way to improve the security of your customers’ valuable data and your own for that matter, you can start by deploying password security policies and password management. Additionally, with the help of a trusted managed IT services provider (MSP) like CloudOrbis, you’ll find the best password security solution that will ensure stronger protection against unauthorized access. Call us today to learn more.