It goes without saying that passwords hold the key to protecting your business against actions such as data theft or ransomware. However, despite this visible importance most individuals and even some IT professionals commit a number of cardinal sins that actually puts their company’s information at risk.
To put this into context for you, we’ve taken some statistics from the 2019 State of Password and Authentication Security Behaviours Report:
- 81% of all hacking-related data breaches involve the use of stolen or weak passwords.
- 69% of IT professionals allow their colleagues to use their passwords to access accounts.
- 51% of IT professionals reuse passwords for both professional and personal accounts.
- 57% of IT professionals who have been the subject of phishing attacks have not made any changes to their password management behaviour since it happened.
- 67% of IT professionals are not currently using two-factor authentication in their personal lives and even worse just 55% aren’t using it at work.
- 57% of IT professionals requested a login method that didn’t involve making use of any passwords whatsoever.
To help ensure that you don’t fall into the trap above, in this blog article, we will provide you with 7 of the best ways to improve the password management in your business.
1) Construct a long and strong passphrase
In order to make it much harder for hackers to infiltrate your system, it is worth looking to build stronger passwords. A strong password is largely regarded to be eight characters in length and includes a combination of both uppercase and lowercase letters as well as numbers and symbols.
2) Apply password encryption
By having encryption in place gives your passwords that additional layer of security that is almost impossible to crack, even if your passwords fall into the wrong hands. The best thing to do is to make use of non-reversible end-to-end encryption. This enables you to keep your passwords secure when they are travelling all over your network.
3) Install two-factor authentication
You may have heard of this already, however if you haven’t, two-factor authentication (often referred to as 2FA) has quickly established itself as the standard way of managing organisational resources for both business and personal use. This system requires users to input their standard credentials such as their username and password in order to be able to access their applications but the extra layer of security comes into play as they will need to confirm their identity with a one-time code that is sent to their mobile device.
4) Include advanced authentication techniques
Make use of non-password-based methods that include things such as voice, facial or thumbprint recognition. By having these techniques in place makes it even more challenging for hackers to gain access to your system.
5) Set different passwords for each account you use
It goes without saying but having the same password for everything is almost encouraging many security breaches. How do cybercriminals take advantage of this? If one account is compromised, it will mean that other accounts using the same ones are more than likely to be targeted too.
6) Don’t reuse passwords
As many of us already know, it is common practice for us to have to change our passwords every 90 days as part of password security. In a recent study by the National Institute of Standards and Technology (NIST), it is recommended not to use a mandatory policy of password changes for personal use. The main thinking behind this is the fact that many users tend to reuse passwords. Despite the fact that strategies can be in place to stop this occurring, creative users will be able to find ways around this. Furthermore, changing passwords on a regular basis can also lead to people having to note down the passwords to be able to remember them which is certainly not recommended. Therefore, the NIST have suggested that changing passwords should only happen if there is a potential threat or compromise.
7) Implement password managers
By having a password manager in place will enable you to easily store and build passwords for many different accounts and automatically sign you in as you log on which means that you only need to remember a single password. Just remember to make sure that you pick a strong and unique one as your master password.
In Conclusion
It is crucial for businesses to regularly review their password security policies and password management as both stolen and weak passwords are often the most common reasons for breaches in data. By having some of the above in place, you can help to build a comprehensive password security policy and ensure that you give your business the best possible protection against unauthorised users.
Next Steps?
If you are a business that requires helps in setting up your password policies or implementing an enterprise-level password management solution or dedicated CyberSecurity solutions then please get in touch with our team of IT experts today to discuss your needs.
Want to have articles like the above delivered straight into your inbox? You can be simply signing up to receive our marketing emails!
