Most business owners and managers understand the important role that secure passwords play in protecting business data and accounts from being compromised. When you consider that business technology users maintain an average of 191 passwords, it only makes sense that not every organization wants to take on the considerable feat of ensuring their staff create unique and complex passwords for every application and account they have access to. Nevermind regularly updating all those passwords every few months.
To some, password hygiene may not seem like a huge deal, however, proper password hygiene is a crucial part of a business’s cyber security plan. According to Verizon, 81 percent of breaches occur due to poor passwords. In order to make improving password security a priority across the organization, companies must educate their employees on why password security is important and equip them with the best strategies and tools for creating and maintaining more secure passwords.
Here are just a few easy ways that you can help your team create and maintain better, safer passwords — while even making life a little easier.
1. Practice good password hygiene.
Effective password hygiene is an important part of cloud security management. Here are some simple tactics that you can use to make sure your passwords remain secure:
- Choose passwords that are at least 8 characters long, with 14 characters being the ideal length.
- When creating a password, use mixed case and special characters, while avoiding common or anticipated usage. For example, simply capitalizing the first letter and exchanging the “a” for an “@” in P@ssword is not enough.
- Do not choose a password that could be easily guessed by someone who knows you, such as your name or spouse’s name.
- Do not choose a password that contains common words or number patterns such as abc123 or welcome1.
- Try using a phrase for your password, as these tend to be harder for others to guess or hack, but easier for the user to recall.
- Make sure that each account has its own unique password, being careful not to repeat passwords or use similar variations on any of your accounts.
- If you think that your account may have been hacked, change the password right away.
- Do not share your passwords with others or leave them visible on your desk for others to see.
2. Use a password manager.
A password manager or password vault, like LastPass, securely stores all your passwords so that you don’t have to remember all of them, write them down, or store them somewhere that’s not secure. Password managers typically have features such as a browser extension that will autofill your passwords on different sites; a form-fill option to fill in information that’s commonly asked for, like your name, address, and phone number; and a secure place to store notes that contain sensitive information, like account numbers.
Another benefit of password managers is that they help you stay on top of password hygiene by generating secure passwords and alerting you to any duplicated passwords in your vault. For accounts that have password requirements, like a special character or a certain length, you can tell the password manager what these requirements are and it will come up with a random and secure password that fits these specifications. Then, it will save this password in your vault so that you don’t have to remember it every time you log in.
Some password managers also have a feature that allows you to share passwords with others without letting them see the actual password. For instance, if your company’s Facebook page is managed through one employee’s Facebook account, that employee can share the login information with coworkers and they can log in, but they can’t view the password itself. And if the password is updated, it will automatically update for everyone who has access to it.
Overall, password managers make password hygiene and security easy and efficient. They take the hassle out of creating long, unique passwords and eliminate the need for users to remember the passwords for all their accounts. All they need to remember is one password for their password manager and use multi-factor authentication to keep their vault secure.
3. Take advantage of multi-factor authentication.
Multi-factor authentication requires users to take multiple actions to access their accounts. Dual-factor authentication includes a password and a second action such as entering a pin number that’s texted to the user’s cell phone. The token used as your second identifier is usually one of three types — something you know (like a password, pin number, or security question), something you are (such as a fingerprint or face ID), and something you have (like a smartphone, fob, or ID badge).
There are many different programs you can use to implement multi-factor authentication at your organization, while making the process easier for users. Duo is just one example. This service sends you a push notification when you log into certain accounts. All the user needs to do is “Approve” or “Deny” access when they receive a notification. They also include codes that you can use to gain access if you don’t currently have an internet connection.
4. Add password guidelines to your Acceptable Use Policy.
An Acceptable Use Policy (AUP) is a document that details rules and practices that users must agree to and follow when using a company’s internet or other networks. Including information about password requirements and best practices in your AUP is one way you can ensure that your employees know what is expected of them.
Furthermore, AUPs are meant to be enforced and include consequences for employees who do not follow the stated rules. Including password requirements and best practices in your Acceptable Use Policy gives your company a way to better enforce password rules to support improved password security.
Need Help Improving Password Security?
Strengthening password security across the organization is one important way businesses can enhance overall security, while reducing the risk of a data breach. But if you want to keep your business protected, then everyone on your team needs to be invested in password security. CoreTech can help with password management solutions in two ways — user training and solution implementation.
While most people don’t think much about their passwords, leaders within the business need to ensure their team has secure passwords across business accounts. The team at CoreTech stays up to date with the latest password security trends, tools, and best practices. In addition to recommending and implementing the right password management tools for your company, we can also educate your team on why password security is important and train them to use any solutions we put in place.
Ready to get started? Contact us today to find out how we can help your team improve password security.