Companies are often so concerned with cybersecurity compliance that they forget the basic steps essential for information security. Yes, compliance should be a priority, but the scope of cybersecurity extends beyond that. One of the key aspects is password security. With weak passwords, the risk of hacks is huge, and it is important to have a set of dos and don’ts for employees when it comes to managing passwords. In this post, we share more on password security and the practices to consider.
- Forget passwords, go for passphrases. There was a time when passwords with just 8 or 10 characters were considered ideal, but not anymore. Passphrases with at least 16 characters are now essential.
- Using the right mix. A good password should have special characters, numbers, uppercase and lowercase letters. The more complex, the better, and it is wise to create passwords that do not contain any personal or business information.
- Change default passwords. Products, including software and firmware, often come with default credentials. Default passwords, such as 1234 or abcd123, are easy to crack. Once products have been deployed, these defaults should be changed immediately.
- Recommend a password manager. If your average employee needs to handle at least half a dozen passwords every day, they need a tool to manage these details. Make sure that employees are using a reliable password management tool.
- Avoid automatic login. Many employees, mostly for the sake of convenience, use the option of automatic login. While that may seem easy, anyone with access to the resource can log in without any additional step. Stop automatic login as soon as possible.
- Add multifactor authentication. Even if there is a password breach, MFA ensures that your resource is protected. Multifactor authentication may mean adding a security question, or asking for a one-time password sent to a mobile phone.
- Recommend using different passwords. No two accounts, devices, or resources should have the same password. This is something that every employee should follow for enhanced security.
- Passwords must not be repeated or reused. It is common for users to reuse old passwords, which can be a huge flaw in cybersecurity. Make sure that your employees are setting new passwords for everything.
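
Several of the rules above (16-character minimum, character mix, no default passwords, no personal or business information, no reuse) can be enforced when a password is set. The following is an added example, not code from the original post; the function names, the `banned_terms` and `history` parameters, and the sample passphrases are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 16                           # passphrase minimum from the post
DEFAULT_PASSWORDS = {"1234", "abcd123"}   # default passwords named in the post
PBKDF2_ROUNDS = 600_000                   # assumed work factor for history digests

def _digest(password, salt):
    # Slow, salted hash so stored history is not usable as a password list.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def remember(password):
    """Return a (salt, digest) history entry; the plaintext is never stored."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def check_password(candidate, history=(), banned_terms=()):
    """Return the list of rules from the post that the candidate breaks."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    has_mix = (any(c.islower() for c in candidate)
               and any(c.isupper() for c in candidate)
               and any(c.isdigit() for c in candidate)
               and any(not c.isalnum() for c in candidate))
    if not has_mix:
        problems.append("missing character class")
    lowered = candidate.lower()
    if lowered in DEFAULT_PASSWORDS:
        problems.append("default password")
    # banned_terms: names, company name, product names (hypothetical input).
    if any(term and term.lower() in lowered for term in banned_terms):
        problems.append("contains personal or business information")
    # Reuse check: re-hash the candidate with each stored salt and compare
    # in constant time against the stored digest.
    if any(hmac.compare_digest(_digest(candidate, salt), digest)
           for salt, digest in history):
        problems.append("reused password")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    old = [remember("Tangerine-Walrus-42-Lantern")]
    for pw in ("1234", "Tangerine-Walrus-42-Lantern", "Violet Kettle 88 Marches North"):
        print(repr(pw), check_password(pw, old, banned_terms=["acme"]) or "ok")
```
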
Password protection and security require effort on the part of the entire organization. Make sure that everyone knows their role in ensuring the same.