Implementing and enforcing best practice password policies helps you stay secure.
There is an ongoing struggle when it comes to passwords. The same problem has dogged organisations and users for decades now. The easier a password is to remember, the less secure it is. This led to many services requiring users to add more and more elements to their passwords, first numbers, then capitals, then special characters (!, £, *, %, etc.). Many passwords now require you to have all three!
The unintended consequence of this is that many users pick one strong password and then use that for everything, from their work email to their online bank, to their Netflix account. The issue with this approach is that if that password is compromised on one service, an attacker will try it on every other service or website they can think of and gain access to all of them.
How You Can Improve Your Password Security
Here are some of the policies which organisations should implement in order to improve the security of their passwords.
- Do Not Force Constant Password Changes
Previously, many organisations and services would enforce mandatory password changes every 30, 60, or 90 days. Counterintuitively, this actually incentivises poor user behaviours when it comes to password security. Users who are forced to change their passwords too often will choose less secure passwords or repeat old passwords with only slight variations. It is more advisable to enforce these password changes no more than once every 12 months and instead to use the methods listed below.
- Use Multi Factor Authentication (MFA)
Multi factor authentication (also called two-factor authentication/2FA) refers to using an additional piece of information to access a system rather than just a standard username and password combination. This could be a code generated by an app, a code sent to your phone via SMS, or a physical device such as a USB security key. Using MFA dramatically increases your security, because a stolen password alone is no longer enough to log in.
- Use A Password Manager
Password managers like LastPass or 1Password allow you to store an unlimited number of passwords in an encrypted ‘vault’. This is secured with one VERY strong password (many people use a whole sentence, or ‘passphrase’). As a result, you only have to remember your master password, and so you can make your individual passwords extremely secure collections of random letters, numbers and symbols (e.g. gHjs8&ma%"yYUD*qlxBo&) which your password manager will generate for you.
- Reduce Your Reliance On Passwords
Passwords are a cheap and simple way to gain a level of security, but there are alternatives which are worth considering. Single sign-on solutions which use the cloud to verify your identity, and biometric logins which use identifiers like your fingerprint, are both viable options. They can be slightly more complicated to set up, but they are harder to crack and they reduce the number of passwords required.
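As an added example (not code from the article or from Carden IT Services), the Python script below turns two of the points above into checks an administrator could run: it flags a rotation policy stricter than once a year, rejects a new password that is only a slight variation of an old one (a changed case, an incremented trailing number, leetspeak swaps), and generates a password-manager-style random password. The minimum length of 14 and the two-edit threshold are assumptions, not figures from the article.

```python
import re
import secrets
import string

# Policy figure from the article: force rotation no more than once per year.
MAX_ROTATION_DAYS = 365
# Assumed thresholds (not from the article): minimum length, and how many edits
# apart two normalised passwords may be before we treat them as the same one.
MIN_LENGTH = 14
MAX_EDITS = 2

def generate_password(length=21):
    """Password-manager style password: random letters, digits and symbols."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def rotation_policy_ok(max_age_days):
    """True if the policy does not force changes more often than once a year.
    None means passwords are only changed when compromise is suspected."""
    return max_age_days is None or max_age_days >= MAX_ROTATION_DAYS

def _normalise(pw):
    """Undo the tweaks users make when forced to rotate: case changes, an
    incremented trailing number or symbol, and common leetspeak substitutions."""
    pw = re.sub(r"[\d\W_]+$", "", pw.lower())                # "Summer2024!" -> "summer"
    return pw.translate(str.maketrans("@$01!3", "asoile"))   # "p@ssw0rd" -> "password"

def _levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_slight_variation(new, old):
    """True if the new password is essentially an old one with minor changes."""
    return _levenshtein(_normalise(new), _normalise(old)) <= MAX_EDITS

def check_new_password(new, history, min_length=MIN_LENGTH):
    """Return the policy violations for a proposed password (empty list = OK)."""
    problems = []
    if len(new) < min_length:
        problems.append("too short")
    if any(is_slight_variation(new, old) for old in history):
        problems.append("slight variation of a previous password")
    return problems
```

Run `check_new_password("Summer2024!", ["Summer2023!"])` to see both violations reported, and `check_new_password(generate_password(), [])` to see a generated password pass cleanly.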
Need Help Managing Your Passwords?
Carden IT Services can help you to take control of your passwords and enforce a sensible password policy across your organisation. Password management is just one part of Carden IT Services’ comprehensive cyber-defence package. Our combination of expertise and the latest software protects your business from cyber-threats 24/7. Speak to our cyber-defence team today to learn more.