Passwords remain one of the most critical security controls widely used to protect and secure company infrastructure and data. While the need for strong passwords has long been discussed, they continue to be the difference between a secure infrastructure and a potential cyber catastrophe.
Last year was extremely busy in cybercrime, with more than 3 billion credentials and passwords stolen and disclosed on the internet. That works out to a rate of 8.2 million credentials and passwords each day or 95 passwords every second.
Passwords have always been a good security control, but password strength and how they are processed make a major difference in how secure they really are. For example, it is critical to choose an easy password to remember, keep it long, and use some complexity and uniqueness. In addition, how the password is processed and stored in an encrypted format plays a major role in password security.
Here are eight easy steps to get in control and ensure passwords are strong and secure:
- Go with encryption: Passwords cannot be left in plain text ever and especially not in an Excel document. Always store passwords with encryption.
- Escape complexity: Focus on teaching your end users to use longer and more easily remembered passwords, like password phrases. Don’t let them get bogged down with having to remember special character requirements.
- Teach employees: Continued training is critical and is the most important step in implementing your policy. Make sure your users understand their role, prepare quarterly reviews, and make it fun with incentives.
- Size matters: The longer the password, the harder for a hacker to break. Make human passwords at least eight characters long and systems passwords 12-50 characters.
- Trust no one: Two-factor authentication is a must! No matter the size of your organization, there are two-factor options for you, like RADIUS tokens, DUO, or Google Authenticator.
- Omit duplicates: Use a unique password for each of your accounts. The same password should never be used more than once!
- No cheating: Remembering a long password can be difficult, but don’t allow password hints. These just make it easier for hackers to get in.
- Get a vault: Start using a trusted password manager to enforce strong password best practices. This way, users can always generate long and complex passwords, never have to remember all their passwords and, if you use a vault for your IT team, you can find one that automatically changes your admin passwords. When it comes to IT, automation is key to preventing a breach.
For more information on what’s expected in relation to security and passwords, check out Thycotic’s recent report on the current and future state of password security.