For most businesses, the only thing standing between their most valuable and sensitive data and a hacker is a single password. And while most employees know they should be using strong, unique passwords for every login, many of them don’t.
It’s a common battle between employees’ need to remember their passwords and log in quickly so they can stay on task, and the need for passwords to be as secure as possible to stop potential data breaches.
A 2019 report by Ponemon Institute that surveyed IT and IT security practitioners about password security illustrates this dilemma well:
- 66% of respondents say it’s very important to protect passwords
- 51% of respondents say it’s too difficult to manage passwords
When it comes to network security, having good password policies is a vital part of your overall security infrastructure. You can have the strongest firewall and anti-malware program available, but if your administrator’s password is hacked, a criminal can easily bypass them. Poor password management is like putting a great alarm system on your Ferrari, but leaving it unlocked with the keys in the ignition.
So, how do you put a good password policy in place? We’ve got several tips to help you set and enforce proper password management, so your data and network stay secure.
Password Management Best Practices
While securing your passwords might not seem as flashy as getting a next-generation firewall, it’s just as important.
81% of company data breaches are the result of weak passwords.
Instituting a good password policy means putting your policy for password management down on paper and ensuring your team has the right tools to carry it out.
Get started with the following password management tips.
Require Strong Passwords for Every Login
You’d be surprised how many people still use “password” or “12345” as their login password. If you just let employees use any password they like, there’s a good chance it could be a weak link in your data security.
Requiring “strong” passwords means putting rules in place to ensure passwords contain:
- A combination of letters, numbers, and symbols
- A combination of upper-case and lower-case letters
- A minimum of 7-10 characters
Don’t Share Passwords
In the Ponemon study, 69% of people admitted to sharing their passwords with work colleagues. It’s a bad habit to get into because once a password is shared, the owner no longer has control over it… what happens if that colleague shares it with someone else? It’s especially dangerous if it’s shared with a vendor. It’s a better policy to create a separate, limited-time login if needed than to share passwords.
Don’t Save Passwords in Browsers
Saving passwords in Chrome or another browser makes it quick and easy to log in, but it could be putting your logins at risk. If a device is lost or stolen, the thief can easily get into any login just by accessing the site in the browser.
If your company is subject to any data privacy regulations, this can also make it more difficult to do audits of your security policies if you have employees saving passwords in a variety of different browsers.
Use Two-Factor Authentication
Using two-factor authentication with your logins increases your password security by leaps and bounds. When enabled, it means that a second form of authentication is required to complete login, which is generally a time-sensitive code sent via text message to the user’s mobile device.
So, even if a hacker does get a hold of your login, it means that they still can’t get access, and you’ll be alerted via text that someone is trying to use your credentials.
Use Unique Passwords
One of the most common bad password habits is to use the same password for several different logins. Many people have a rotating list of 4-5 passwords that they use for everything, both at work and home. But this means that all a hacker has to do is get a hold of one password and it can unlock multiple other data sources. It’s becoming all too common for credentials to be breached at major retailers (like Target) and then sold on the Dark Web.
But how does one remember strong passwords, without saving them in a browser, and make them unique for every single login? Our next tip will help!
Employ a Password Management Tool
You can solve the problem of how to remember strong, unique passwords for every login by using a password management application. They keep a vault of all your passwords that only needs one master password to unlock.
Key features of using a password manager include:
- They suggest strong passwords to users
- Users only have to remember a single strong password
- If devices are lost or stolen, the password vault can’t be accessed without the master password
- They auto-fill credentials for fast logins
- Businesses have control of all their logins across multiple devices
- They can be used for credit card details too
Enforcing Password Policies
The best way to enforce good password policies is through applications that allow you to set acceptable password parameters. For example, you can require users to set up two-factor authentication in Office 365. Many cloud-based platforms also allow you to set how many characters a password must be and what it requires (e.g., at least 1 symbol).
Training your staff on password policies will also help with enforcement, but automating the process as much as possible will ensure no weak passwords fall through the cracks.
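To illustrate automated enforcement of the rules listed under "Require Strong Passwords", here is an added example (not code from this article or any product it mentions) of a check an in-house application could run when a user sets a password. The 10-character minimum takes the upper end of the 7-10 range above; the denylist entries beyond "password" and "12345" and the username check are assumptions made for the example.

```python
import string

# Constructed sample denylist; the article names "password" and "12345" as weak choices.
COMMON_PASSWORDS = {"password", "12345", "123456", "qwerty", "letmein"}
MIN_LENGTH = 10  # assumption: upper end of the article's 7-10 character minimum


def check_password(candidate, username=""):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in candidate):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in candidate):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no number")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no symbol")
    # Character-class rules alone accept "Password1!", so strip trailing
    # digits and symbols and compare what is left against the denylist.
    lowered = candidate.lower()
    core = lowered.rstrip(string.digits + string.punctuation)
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("based on a commonly used password")
    # Assumption: the policy also rejects passwords that embed the username.
    if username and username.lower() in lowered:
        problems.append("contains the username")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: (username, proposed password)
    samples = [
        ("jsmith", "12345"),
        ("jsmith", "Password1!"),
        ("jsmith", "Jsmith-2024-Blue!"),
        ("jsmith", "Tr4vel-Lamp-Otter"),
    ]
    for user, pw in samples:
        result = check_password(pw, user)
        print(f"{pw!r}: {'OK' if not result else '; '.join(result)}")
```

"Password1!" satisfies every character rule in the list and is rejected only by the denylist comparison, which is why a character-class policy on its own lets weak passwords through.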
How Strong is Your Data Security?
Don’t leave your data security to chance. Whether you’d like to implement a password manager or need a checkup of your network security, B-Comp Services can help.
Give us a call today and sleep easier tomorrow. You can reach us at 303-282-4934 or request a free consultation online.