5 DOs and DON'Ts of password security for your business
- Posted by: Hiperdistuae.com
- Category: Security
The recent rise in identity theft and breaches has made password security more critical than ever. Our credentials form the first line of defence against hackers. Despite their importance, many of us are guilty of poor password hygiene, which leaves our information vulnerable.
In fact, recent statistics show that over 60% of data breaches are due to mismanaged credentials. Passwords, especially those with privileged access, run the risk of being mismanaged, stolen, or abused by malicious agents.
Protect your information by following password management best practices in your organization. Here are some dos and don’ts to keep in mind to manage and defend your online assets:
DOs
Choose complexity – Strong passwords comprise at least 8 characters. Aim for 12-16 characters, and include upper case, lower case letters, numbers and symbols.
Password Maintenance – Change your passwords regularly.
Add variety – Use multiple passwords for different sites.
Deploy MFA – Do use an extra layer of security. MFA (multi-factor authentication) or 2FA (two-factor authentication) is a smart way of enabling authentication defence for your users. Additionally, it ensures that your data cannot be accessed, even if an employee account is compromised.
Use Vaults – Do protect your passwords by storing them in encrypted password vaults or managers. There are several such security vaults on the market, such as LastPass, 1Password or Keeper. No matter which one you select, ensure that it fits your requirements to safeguard sensitive information.
DON'Ts
Save your passwords – Do not save your credentials on unsecured platforms and devices. We often save a list of our passwords in Excel sheets or note them down on our phones and in notebooks. These platforms and devices have no or poor encryption. This makes it easy for hackers to target them, putting our data at risk.
Select common words – Do not use words found in dictionaries (English or foreign). This includes commonly used words such as ‘password’, ‘football’, ‘user’. Hackers use password-cracking tools that work rapidly to match thousands of common names and combinations.
Use short passwords – Do not use short passwords, no matter how complex.
Add personal data – Do not use obvious personal information. This includes your birth date, address, family members’ names, anniversary date etc.
Share your password – Do not share sensitive information with anyone. Scammers often run social engineering attacks where they call you for data. Be careful to never share that information over the phone or email. Login information to sensitive data or applications should only be shared with individuals who have the proper authorization.
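The length, complexity, variety, common-word and personal-data rules above can be enforced at the point where a password is set. The following Python sketch is an added example, not code from the original post; the function names, the small word list and the character-substitution table are assumptions chosen for illustration.

```python
import re
import secrets
import string

# Constructed sample blocklist; the first three words are the page's own examples.
COMMON_WORDS = {"password", "football", "user", "welcome", "admin"}
# Undo common character substitutions before the word check (assumed mapping).
LEET = str.maketrans("01345$@7", "oieassat")
SYMBOLS = "!@#$%^&*-_=+?"

def check_password(pw, personal=(), in_use=()):
    """Return the list of rules from the DOs and DON'Ts that pw breaks."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    elif len(pw) < 12:
        problems.append("below the recommended 12-16 characters")
    classes = {
        "upper case": any(c.isupper() for c in pw),
        "lower case": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(not c.isalnum() for c in pw),
    }
    problems += [f"no {name} character" for name, ok in classes.items() if not ok]
    folded = pw.lower()
    plain = folded.translate(LEET)  # "p@ssw0rd" becomes "password"
    for word in sorted(COMMON_WORDS):
        if word in folded or word in plain:
            problems.append(f"contains common word '{word}'")
    squeezed = re.sub(r"\W", "", folded)
    for item in personal:  # birth date, names, address parts
        token = re.sub(r"\W", "", item.lower())
        if len(token) >= 3 and token in squeezed:
            problems.append("contains personal data")
            break
    if pw in in_use:
        problems.append("already used for another site")
    return problems

def generate_password(length=16):
    """Draw from the OS CSPRNG until every check passes."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw
```

A production blocklist would be far larger than the five words here, and the `in_use` comparison only makes sense inside a password manager that already holds the other credentials.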
Over 90% of employee passwords can be cracked in 6 hours or less. Hence, organizations must follow proper password management tactics to deter attacks. One easy way to generate and store your credentials safely is to deploy a password manager for your business.
These digital vaults use secure password encryption methods to prevent password leaks in potential data breaches.