Passwords have always been central to information security, which is why they’re one of the biggest targets for cybercriminals. Using stolen login credentials, an unauthorized party can easily steal confidential data or spread malicious software throughout the network. It also doesn’t help that many people have poor password habits. To protect your accounts and data, it’s important to follow the tips below.
#1. Don’t change passwords regularly
In the past, cybersecurity experts advised that people should change their passwords every few months. Current guidance, including NIST SP 800-63B, no longer recommends forced periodic rotation: it does not improve security and may even make matters worse.
Having to remember dozens of different passwords is bad enough, but when you have to change them constantly, there’s a much higher chance of recycling the same password with a minor, predictable modification (a trailing digit bumped by one, for example) or, worse still, writing it down in an insecure location. Attackers know these patterns and try them first.
Instead, it’s better to set a strong and memorable password that’s difficult for others to guess, and change it only when there is reason to believe it has been compromised, for example when it turns up in a published breach.
#2. Use long and complex passwords
More complex passwords tend to be more difficult to remember, but they’re also far more difficult to crack using a brute force attack, and length matters even more than complexity: every extra character multiplies the number of guesses an attacker has to make. Shockingly, however, the most common passwords are still “password” and “123456”.
A strong password should be at least 10 characters long (longer is better) and include numbers and letters and, preferably, one or more symbols.
An easier option is to use an entire phrase that means something to you but not to anyone else. Never use common words or phrases lifted from publications, since attackers’ wordlists already contain them. It can be something as random as “time3_s@ndwich_California”. The point is that the longer your password, the longer it will take an attacker to guess it.
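To make the length-versus-complexity point concrete, here is an added example (not code from the original article) of a password check of the kind a login service might run: it rejects entries on a blocklist of common passwords, enforces the minimum length, and estimates the worst-case brute-force time from the keyspace. The blocklist is a constructed sample, and the guess rate of ten billion per second is an assumed figure for a GPU rig attacking a fast unsalted hash.

```python
import string

# Constructed sample blocklist standing in for a real breached-password list;
# a production check would consult millions of entries from a breach corpus.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "iloveyou"}

# Assumed attacker throughput: 1e10 guesses/second, a rough figure for a GPU rig
# attacking a fast, unsalted hash. Against bcrypt or Argon2 it would be orders of magnitude lower.
GUESSES_PER_SECOND = 1e10
MIN_LENGTH = 10

# Alphabet size contributed by each character class ("other" = space plus string.punctuation).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "other": 33}


def character_classes(pw):
    """Return the set of character classes present in pw: lower, upper, digit, other."""
    classes = set()
    for c in pw:
        if c in string.ascii_lowercase:
            classes.add("lower")
        elif c in string.ascii_uppercase:
            classes.add("upper")
        elif c in string.digits:
            classes.add("digit")
        else:
            classes.add("other")
    return classes


def keyspace(pw):
    """Number of strings of the same length drawn from the same character classes."""
    alphabet = sum(CLASS_SIZES[c] for c in character_classes(pw))
    return alphabet ** len(pw)


def brute_force_seconds(pw, rate=GUESSES_PER_SECOND):
    """Worst-case time to exhaust the keyspace at the assumed guess rate.

    This is an upper bound: human-chosen passwords fall to dictionary and
    rule-based attacks far sooner, which is why the blocklist check below matters.
    """
    return keyspace(pw) / rate


def check_password(pw, min_length=MIN_LENGTH):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password blocklist")
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if len(character_classes(pw)) < 2:
        problems.append("uses a single character class")
    return problems


def describe(seconds):
    """Human-readable duration for the report."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.0f} {unit}"
    return f"{seconds:.4f} seconds"


if __name__ == "__main__":
    # Constructed sample inputs: the two most common passwords, a short "complex" one,
    # and the long passphrase from the article.
    for pw in ("123456", "password", "Tr0ub4d&3", "time3_s@ndwich_California"):
        print(f"{pw!r:30} problems={check_password(pw)} "
              f"worst-case crack time={describe(brute_force_seconds(pw))}")
```

Note that a 25-character phrase made only of lowercase letters and spaces has a larger keyspace than a 9-character password drawn from all four classes, which is the length-beats-complexity point in numbers. The time estimate is only an upper bound; the blocklist is what catches the “password”/“123456” cases that no keyspace arithmetic would flag.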
#3. Conduct regular security training
A large share of data breaches begins with a social engineering scam, such as a phishing email. This illustrates that information security isn’t only a technical problem, but a human one.
Given how widespread bad password habits are, it’s important to bring the issue closer to home with engaging security awareness training programs. These should include simulated phishing campaigns, and highlight the importance of strong passwords and of protecting mobile devices with PIN codes and other authentication methods.
#4. Enforce multifactor authentication (MFA)
The best practice for password security is to stop relying so much on passwords. While passwords remain central to any information security routine, they only provide a single layer of security by themselves.
MFA adds an extra security layer by requiring a second proof of identity from a different category than the password: something the user has (an authenticator app or hardware security key) or something they are (a fingerprint), in addition to something they know. Depending on the nature of the data being protected, MFA may kick in every time the user logs in or only when they log in from an unrecognized device or network. When it does, it will ask for something more than just a password, such as a time-based one-time code from an authenticator app, a tap on a hardware key, or an SMS code. SMS is the weakest of these, since phone numbers can be hijacked through SIM swapping, so prefer app- or hardware-based factors where you can.
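The “one-time security token” mentioned above is usually a TOTP code (RFC 6238, built on RFC 4226 HOTP). The following is an added example, not code from the original article, showing both sides: generating the code from a shared secret, and the verifier logic that tolerates one window of clock drift, compares in constant time, and refuses replay of a code that has already been redeemed. The demo secret is the RFC test-vector key; a real enrolment would generate 20 random bytes per user, and the `last_counter` value would be stored per user.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time in `step`-second windows."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret, submitted, at_time, step=30, digits=6, window=1, last_counter=None):
    """Verifier side.

    Accepts the current window and `window` neighbours on either side to tolerate
    clock drift, compares in constant time, and refuses any window at or before
    `last_counter` (the last window this user already redeemed) so an intercepted
    code cannot be replayed. Returns the accepted counter, which the caller should
    store as the user's new last_counter, or None on failure.
    """
    if not (submitted.isdigit() and len(submitted) == digits):
        return None
    current = int(at_time) // step
    for delta in range(-window, window + 1):
        counter = current + delta
        if last_counter is not None and counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None


def provisioning_uri(secret: bytes, account: str, issuer: str, digits: int = 6, step: int = 30) -> str:
    """otpauth:// URI in the Key URI format that authenticator apps read from an enrolment QR code."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={digits}&period={step}")


if __name__ == "__main__":
    # Demo secret (the RFC 4226/6238 test-vector key). Real enrolments use secrets.token_bytes(20).
    secret = b"12345678901234567890"
    now = time.time()
    print("enrol with:", provisioning_uri(secret, "alice@example.com", "Example Corp"))
    code = totp(secret, now)
    accepted = verify_totp(secret, code, now)
    print("code", code, "accepted for window", accepted)
    print("replay rejected:", verify_totp(secret, code, now, last_counter=accepted) is None)
```

Two design points worth noting: the verifier never compares the submitted code with `==`, because a timing difference would leak how many leading digits matched, and it records the accepted window so that a phished or shoulder-surfed code is useless a second time even within the same 30-second step.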
#5. Implement single sign-on
Single sign-on (SSO) is typically paired with MFA to offer centralized user authentication in which a single set of login credentials can be used to access multiple applications. This is useful for giving employees a single login to all the systems they need to do their jobs, as well as assigning access rights per the principle of least privilege.
SSO boosts security by simplifying management: access is granted and revoked in one place, so a departing employee’s accounts are all disabled at once, and users have one strong credential plus MFA to protect rather than dozens of weaker ones. The trade-off is that the identity provider becomes a single high-value target, so it must be hardened and protected with MFA itself. SSO also scales well, since it enables the secure and rapid provisioning of cloud-hosted apps and other resources.
Developing good password habits isn’t difficult, but it does require a lot of diligence and effort on your end. Simplified IT Consulting can provide expert advice and additional cybersecurity solutions to ensure your accounts are as safe as possible. Call us today to schedule a free consultation and protect your business.