Password Security: Best Practices
Does your business take password security seriously? You would be surprised at the number of small businesses that don’t even have passwords on their desktops, or that do have passwords but keep them written on a Post-it note stuck to a monitor for anybody and everybody to see.
Nobody likes having to remember long, complicated passwords. But in today’s age, companies that still treat password security as optional are at a severe disadvantage when it comes to their cyber security. Remember this: It is not a matter of IF you get hacked, it is a matter of WHEN.
The latest data indicates that 111.7 million Americans get hacked each year. That accounts for approximately half a million online U.S. accounts getting hacked EVERY day. With those numbers in mind, there are a few relatively simple things your business can do to shore up your cyber security.
Protect Your Business
The first step (and the easiest) is to make sure EVERY account within your organization is password protected, with only the account owner knowing that password. Don’t allow your employees to write their passwords down and keep them on their desks. An important note: passwords should be at least 10 characters long. Passwords should also be complex, using upper- and lower-case letters, numbers, and special characters. A hacker back in 2012 used tech that could generate 350 billion guesses per second, meaning he could crack any 8-character password in six hours or less. When you have a 10-character (or more) complex password, the time to crack it via a brute-force attack goes from hours to several weeks, months, or even years.
The second step is to require all your employees to change their passwords at 90-day intervals. This should be enforced through an automated policy, as it is not a best practice to “trust” your employees to change their passwords on their own.
Another habit that has no place in business is using the same password across multiple online accounts, such as an employee using their Microsoft 365 account password for a separate vendor account login. The risk is obvious: if your employee’s password is compromised, they now have multiple accounts that they need to secure while hoping that permanent damage hasn’t been done before your user notices.
Finally, we’ve said it before and will say it again – enable two-factor authentication across your online accounts. Having a long password is great and should absolutely be done, but two-factor authentication is also a must in today’s online world.
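The length, complexity and 90-day rules from the steps above, as an added Python example that is not part of the original article: it checks a password against those rules and estimates the worst-case exhaustive-search time at the 350 billion guesses per second the article quotes. The function names, the 94-symbol printable-ASCII alphabet, and the sample passwords and dates are assumptions made for illustration.

```python
import string
from datetime import date

GUESSES_PER_SECOND = 350e9  # rate the article quotes for the 2012 rig
MIN_LENGTH = 10             # article's minimum length
MAX_AGE_DAYS = 90           # article's rotation interval

# Character classes the article asks for (assumed: printable US-ASCII, 94 symbols).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [n for n, chars in CLASSES.items() if any(c in chars for c in password)]

def policy_failures(password, last_changed, today):
    """List the article's rules that this password breaks (empty list = compliant)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 10 characters")
    missing = sorted(set(CLASSES) - set(classes_used(password)))
    if missing:
        failures.append("missing " + ", ".join(missing))
    if (today - last_changed).days > MAX_AGE_DAYS:
        failures.append("older than 90 days")
    return failures

def worst_case_seconds(password):
    """Time to try every password of this length over the classes it uses.
    Upper bound only: it assumes the password was chosen at random."""
    alphabet = sum(len(CLASSES[n]) for n in classes_used(password))
    return alphabet ** len(password) / GUESSES_PER_SECOND

if __name__ == "__main__":
    today = date(2024, 6, 1)  # constructed dates and passwords, for illustration
    samples = [("Ab3$efgh", date(2024, 5, 1)),     # 8 chars, all classes
               ("abcdefghij", date(2024, 5, 1)),   # 10 chars, lowercase only
               ("Ab3$efghij", date(2024, 1, 1))]   # 10 chars, all classes, stale
    for pw, changed in samples:
        hours = worst_case_seconds(pw) / 3600
        print(f"{pw!r}: {hours:,.1f} h worst case; {policy_failures(pw, changed, today) or 'ok'}")
```

At the quoted rate, the lowercase-only 10-character sample is exhausted in under seven minutes, while the same length with all four classes takes years, which is why the article asks for both length and complexity.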