Pa$sw0rds! Best Practices to Protect Your Business Assets

Password quality and strength are critical for businesses that need to protect sensitive or private information. While many organizations have made progress in their password requirements and policies, attackers continue to gain access to restricted data and accounts because of weak passwords.

Consider the following statistic: according to password management service SplashData, whose 2018 analysis was based on roughly five million leaked passwords found for sale on the dark web, approximately three percent of internet users in North America and Western Europe used the password “123456.” Applied to the roughly 750 million internet users in those regions, that is about 25 million people whose related accounts are exposed to criminal activity1. Stolen or compromised login credentials can give hackers and other cybercriminals unauthorized access to sensitive information and, from there, to an organization’s network and its most valuable data.

What can end users do to create stronger passwords, as well as protect themselves and their organization from cybersecurity threats?

Best Practices for End Users

To improve security for your accounts and data, consider these best practices for end users:

  • Never reuse passwords across multiple accounts, platforms, systems or software. A common mistake is using the same password for work and personal accounts. When one site is breached, attackers replay the leaked username and password combinations against other services (credential stuffing), so a password reused between a personal account and a work account lets a breach of the former open the latter. Leaked password hashes are also sold on the dark web, where other criminals crack them offline at their leisure.
  • Increase the length and complexity of the password. A password of at least 15 characters is a sound minimum: at that length, brute-force attacks against almost every password hash in common use become impractical, and on Windows the weak legacy LM hash is not stored at all for passwords of 15 characters or more. Use a mix of uppercase and lowercase letters, numbers and symbols to increase complexity, but remember that length does more than complexity: every additional character multiplies the attacker’s work, so a passphrase of several unrelated words is both stronger and easier to remember than a short, heavily substituted password. Consider going well beyond the recommended 15 characters.
  • Your username should never be part of your password. Cracking tools try the username, and simple variations of it, first, so including it sharply increases the likelihood of your account being compromised.
  • Avoid dictionary words, the word “password” and adjacent-key sequences such as “123456” or “QWERTY.” Simple substitutions such as “P@ssw0rd” do not help, because cracking tools apply those substitutions automatically. Unfortunately, this is common practice, as evidenced by the previously mentioned statistic.
  • Never include personal information in your password. This includes your date of birth, Social Security number and phone numbers, as well as the same details for family members, such as your spouse’s or children’s birthdays. Much of this information is easy to find online and is tried early in a targeted attack.
  • Consider using a password manager program to store passwords. A password manager generates a long, random, unique password for every account and fills it in for you, which removes the temptation to reuse passwords. Protect the manager itself with a long master passphrase and multi-factor authentication.
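The end-user rules in the list above can be enforced mechanically. The following checker is an added example, not code from the article; its word list, keyboard rows and substitution table are small assumptions chosen for illustration, and a real deployment would use a full dictionary and a breached-password list in their place.

```python
"""End-user password rules from the list above, as a checker.

Added example, not code from the article. The word list, keyboard rows
and substitution table are small assumptions chosen for illustration."""
import re
from datetime import date

MIN_LENGTH = 15  # the article's recommended minimum

# Tiny stand-in for a dictionary / common-password list (assumption).
COMMON_WORDS = {"password", "welcome", "letmein", "admin", "summer", "winter", "company"}

# US keyboard rows, used to catch walks such as "qwerty" and "123456".
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def _keyboard_walks(min_run=4):
    """Every forward or backward run of min_run adjacent keys in a row."""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_run + 1):
                yield seq[i:i + min_run]


WALKS = frozenset(_keyboard_walks())

# Leetspeak substitutions that cracking tools undo automatically: p@$$w0rd -> password
_UNLEET = str.maketrans("@$013!", "asolei")


def _normalize(s):
    return s.lower().translate(_UNLEET)


def _date_forms(d):
    """Ways a birthday commonly appears in a password: 1987, 0214, 021487, 02141987, 14021987."""
    mm, dd, yyyy, yy = f"{d.month:02d}", f"{d.day:02d}", f"{d.year}", f"{d.year % 100:02d}"
    return {yyyy, mm + dd, mm + dd + yy, mm + dd + yyyy, dd + mm + yyyy}


def check_password(password, username="", personal=(), birthdays=()):
    """Return the list of rules the password breaks; an empty list means it passes.

    personal: strings such as phone or ID numbers; birthdays: ISO dates ("1987-02-14").
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(p, password)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"))
    if classes < 3:
        problems.append("uses fewer than three character classes")
    low, norm = password.lower(), _normalize(password)
    digits = re.sub(r"\D", "", password)
    # Usernames shorter than three characters would match almost anything, so skip them.
    if len(username) >= 3 and (username.lower() in low or username.lower() in norm):
        problems.append("contains the username")
    for item in personal:
        item_digits = re.sub(r"\D", "", item)
        if item.lower() in low or (len(item_digits) >= 4 and item_digits in digits):
            problems.append(f"contains personal information ({item})")
    if any(form in digits for b in birthdays for form in _date_forms(date.fromisoformat(b))):
        problems.append("contains a birthday")
    if any(word in norm for word in COMMON_WORDS):
        problems.append("contains a dictionary or common-password word")
    if any(walk in low for walk in WALKS):
        problems.append("contains a keyboard walk such as qwerty or 1234")
    return problems


if __name__ == "__main__":
    for pw in ("Tr0ub4dor&3", "jsmith-Welcome2024!!", "Mauve-Tractor-Lamp-38!"):
        print(pw, "->", check_password(pw, username="jsmith") or "OK")
```

The checks run on the normalized form as well as the raw password, so “W3lc0me” is caught as “welcome”; the birthday check strips separators first, so “02-14-1987” is caught as well as “02141987.”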

Best Practices for Administration

An organization’s IT administration also can engage in some password best practices:

  • Educate the organization’s end users on the password policy and enforce minimum standards for all passwords, including length, complexity and age. Note that current NIST guidance (SP 800-63B) favors length and screening against breached-password lists over composition rules, and recommends forcing a password change when there is evidence of compromise rather than on a fixed schedule.
  • Require and enable multi-factor authentication (MFA). With MFA, a stolen password alone is not enough to log in, which blunts credential stuffing and password spraying. Prefer phishing-resistant methods such as FIDO2/WebAuthn security keys over SMS codes where they are available. MFA is especially valuable for web-based applications, remote access and password resets.
  • Consider a password blacklist for the organization. A password blacklist contains disallowed passwords that are too common or that have appeared in a previous breach; the check should be case-insensitive and should catch trivial variants such as an appended digit or a leetspeak substitution. The blacklist should be comprehensive and updated regularly, which can be achieved with the help of a third-party password blacklisting service2.
  • Establish login lockout thresholds. Consider locking the account, or requiring a waiting period of at least 15 minutes, after 10 or fewer invalid login attempts. Apply limits per source address as well as per account, because a password-spraying attacker tries one password against many accounts and stays below any per-account threshold.
  • Maintain password history. Keeping salted hashes of each end user’s previous passwords, never the passwords themselves, lets the system refuse reuse of a recent password within a set timeframe.
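The blacklist, lockout and password-history controls above fit together as follows. This is an added example, not the article’s code: the breach table is constructed in memory from a few well-known weak passwords so the script runs offline, and its counts are placeholders rather than real breach figures. A real deployment would query a range endpoint such as https://api.pwnedpasswords.com/range/{prefix} in place of the offline stand-in.

```python
"""Administrator-side controls from the list above: a breached-password
screen that uses a k-anonymity range lookup, a password-history store that
keeps only salted hashes, and a sliding-window failed-login lockout.

Added example, not the article's code. The breach table is CONSTRUCTED from
a few well-known weak passwords with placeholder counts so it runs offline."""
import hashlib
import hmac
import os
import time
from collections import defaultdict

# ---- Breached-password screen ------------------------------------------
_CONSTRUCTED_RANGES = defaultdict(list)  # prefix -> [(suffix, count)]
for _pw, _count in (("123456", 23_000_000), ("password", 3_700_000), ("qwerty", 3_900_000)):
    _digest = hashlib.sha1(_pw.encode()).hexdigest().upper()
    _CONSTRUCTED_RANGES[_digest[:5]].append((_digest[5:], _count))


def fetch_range_offline(prefix):
    """Stand-in for GET /range/{prefix}: one 'SUFFIX:COUNT' line per match."""
    return "\n".join(f"{s}:{c}" for s, c in _CONSTRUCTED_RANGES.get(prefix, []))


def breach_count(password, fetch_range=fetch_range_offline):
    """How many times the password appears in the breach corpus (0 = absent).
    Only the first five hex characters of the SHA-1 leave the host, so the
    service never learns the password or its full hash."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


# ---- Password history ---------------------------------------------------
class PasswordHistory:
    """Remembers the last `depth` passwords as salted PBKDF2 hashes so reuse
    can be refused without ever storing a password in clear."""

    def __init__(self, depth=12):
        self.depth = depth
        self._entries = []  # [(salt, hash)], oldest first

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def was_used(self, password):
        return any(hmac.compare_digest(self._hash(password, salt), h) for salt, h in self._entries)

    def record(self, password):
        salt = os.urandom(16)
        self._entries.append((salt, self._hash(password, salt)))
        del self._entries[:-self.depth]  # keep only the newest `depth` entries


# ---- Failed-login lockout -----------------------------------------------
class LoginThrottle:
    """Locks an account once `max_failures` bad attempts fall inside a sliding
    `window` of seconds; the article suggests 10 attempts and 15 minutes.
    Because the window slides, the lock clears only when the oldest failure
    ages out. Run a second instance keyed by source address to catch spraying."""

    def __init__(self, max_failures=10, window=15 * 60):
        self.max_failures = max_failures
        self.window = window
        self._failures = defaultdict(list)  # key -> [timestamps]

    def _recent(self, key, now):
        self._failures[key] = [t for t in self._failures[key] if now - t < self.window]
        return self._failures[key]

    def is_locked(self, key, now=None):
        now = time.time() if now is None else now
        return len(self._recent(key, now)) >= self.max_failures

    def record_failure(self, key, now=None):
        now = time.time() if now is None else now
        self._recent(key, now).append(now)
```

At password-change time, run `breach_count` and `PasswordHistory.was_used` before accepting the new value; at login time, consult `LoginThrottle.is_locked` before verifying the password and call `record_failure` on every miss.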

Committing to a strong policy for passwords can strengthen the security of your organization and its end users and protect both from cybercriminal activity.

About DHG IT Advisory

DHG IT Advisory works with companies to manage technology risk while maintaining data integrity, protecting privacy and complying with regulations. From project management and regulatory compliance assistance to digital forensics and incident response, DHG is equipped to meet the IT advisory needs that drive your business. To learn more about DHG’s IT Advisory services, visit dhg.com/itadvisory.

Sources

  1. Edelstein, Howard. “The Problem with Your Password? Everything.” Infosecurity Magazine, February 25, 2019.
  2. Bowen, Karen. “Protect Your Organization Against Password Spraying.” Infosecurity Magazine, July 19, 2019.