Perfecting password practices is crucial for business success in the digital age. In 2019, a staggering 770 million email addresses and their associated passwords were discovered in one large leak.
Weak passwords put your company and your customer data in danger, and lead to costs of $3.92 million per data breach.
One way to strengthen your company’s defenses is to follow password best practices. If your passwords aren’t up to standard, you’re in trouble. We’ve already shown you how to protect against physical security threats; now it’s the turn of digital threats.
Ready to learn more about the best password practices? Keep reading!
1. Ban Weak Passwords on Your Business Network
Your IT system should be set up so that it does not allow weak passwords to be used. These include “password” and its variations like “password123” or “password1.”
Such passwords are easy to crack and are huge, gaping holes in your business’ cybersecurity policy. Single words with no numbers or special characters are a no-go.
Hackers can easily use a dictionary attack to try a massive variety of words and crack your password. Never allow employees to use easy passwords, no matter what they’re for. This is a crucial tenet of password best practices.
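One way such a check could look, as an added example that is not from the original article: a deny-list filter that also catches padded or character-swapped variations like “password123.” The word list, the substitution table, the `MIN_LENGTH` value, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample deny-list; a real deployment would load a far larger
# list of common and leaked passwords.
BANNED_WORDS = {"password", "letmein", "welcome", "qwerty", "admin"}

# Character substitutions undone before the lookup (illustrative, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

# Digits, symbols and underscores padded onto either end, e.g. "123" or "!!".
PADDING = re.compile(r"^[\d\W_]+|[\d\W_]+$")

MIN_LENGTH = 12  # assumed policy value; the article does not give one


def variants(candidate):
    """Return the normalised forms of a candidate that are checked."""
    lowered = candidate.lower()
    stripped = PADDING.sub("", lowered)
    return {lowered, stripped, stripped.translate(LEET),
            PADDING.sub("", lowered.translate(LEET))}


def policy_violations(candidate):
    """Return the reasons a candidate is rejected; an empty list means accepted."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    # Exact match after normalisation, so a long passphrase that merely
    # contains a listed word is not rejected.
    for word in sorted(variants(candidate) & BANNED_WORDS):
        reasons.append(f"variation of deny-listed word {word!r}")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["password", "password123", "P@ssw0rd2024!",
               "correct horse battery staple"]:
        print(f"{pw!r}: {policy_violations(pw) or 'accepted'}")
```

Stripping the padding before undoing substitutions matters: otherwise the trailing “1” in “password1” would be read as a swapped letter and the match would be missed.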
2. Don’t Write Down Passwords, Don’t Share Them
Good information security policy doesn’t end at the computer keyboard. Make sure that your employees know to never share their passwords with anyone, not even their closest colleagues.
The problem with sharing a password is that once someone else knows it, it can soon spread like wildfire.
You should also not allow employees to write their passwords down, for example, on a sticky note. These could be lost or used by another employee or company visitor to hack your systems.
3. Password Length vs Password Complexity
There’s an old xkcd comic that argues using a selection of easy-to-remember, random words is better than using an esoteric password made up of letters, numbers, and special characters. Is this true?
In general, a longer password is better than a more complex one. If the hacker doesn’t know anything about the password, a longer one takes longer to crack. Yet if the hacker uses social engineering to find out that your password is, for instance, four or five random words, it becomes a lot easier.
If you’re likely to be the subject of social engineering, rather than brute force attacks, a more complex password could be useful.
4. Use Different Passwords for Every Account
Never use the same password twice. If you do, you’re giving an attacker free rein over multiple systems and apps. Use a different password for every account that you make and use.
5. Check Your Current Passwords
Do you want to know whether your current passwords are secure? Then we would recommend using the website Have I Been Pwned. Here, you can search for your email address and discover whether it has been found in any password leaks.
Need Help With Password Best Practices and Other Cybersecurity Issues?
Keeping up with these password best practices can be time-consuming, but you and your employees have to do it.
If you’d like some help securing your business’ digital platforms, get in touch with us! We will make your business more secure and cyber-ready.