It has become apparent that telling people to come up with multiple, complicated passwords for each individual account has backfired. Now, many people reuse the same password for everything they log into, and that makes them far more vulnerable to attackers.
Good passwords are an essential element of your password policy. So, what makes a good password?
Strong Password Criteria:
- 12 characters long ideally, with 8 being the minimum to provide adequate security
- Mixture of uppercase and lowercase letters, digits and symbols
- Avoid including names of people or pets, dates of birth, or places you’ve lived
- Avoid using patterns such as ‘abc’ or ‘123’
- Avoid, if possible, using dictionary words – make something up!
An extra tip is to avoid using the obvious ‘swaps’ such as replacing ‘s’ with ‘5’ or ‘1’ with ‘!’.
In practice, a group of random words with symbols between them, such as ‘dog&BLUE-78+skipped’, is harder to crack than a more easily remembered password such as ‘1t’5Chr1stma5!’, which is just a dictionary phrase with obvious swaps.
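The criteria above can be enforced mechanically. The checker below is an added example, not code from the article or from EMH Technology: it undoes the obvious ‘swaps’ before looking for dictionary words, rejects ‘abc’/‘123’ runs, and treats three or more unrelated words as a passphrase rather than a dictionary hit. The wordlist and personal-detail list are constructed stand-ins for the real lists a deployment would load.

```python
import string

# Constructed stand-ins for the wordlists a real checker would load
# (assumption, not from the article): common words and the user's own details.
DICTIONARY = {"christmas", "password", "dog", "blue", "skipped", "summer", "welcome"}
PERSONAL = {"fido", "alice", "1985", "london"}

# The obvious swaps the article warns against; undoing them before the
# dictionary check is what exposes '1t'5Chr1stma5!' as "its christmas".
SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})

def has_run(s, length=3):
    """True if s contains an ascending or descending run such as 'abc' or '321'."""
    for i in range(len(s) - length + 1):
        codes = [ord(c) for c in s[i:i + length]]
        diffs = {b - a for a, b in zip(codes, codes[1:])}
        if diffs in ({1}, {-1}):
            return True
    return False

def check_password(pw, personal=PERSONAL):
    """Return the list of policy failures for pw; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than the 8-character minimum")
    elif len(pw) < 12:
        problems.append("shorter than the recommended 12 characters")
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw)]
    if not all(classes):
        problems.append("needs uppercase, lowercase, digits and symbols")
    if has_run(pw.lower()):
        problems.append("contains a sequence such as 'abc' or '123'")
    plain = pw.lower().translate(SWAPS)          # undo the obvious swaps
    if any(p in pw.lower() or p in plain for p in personal):
        problems.append("contains a name, date of birth or place tied to the user")
    # A single dictionary word dressed up with swaps is weak; three or more
    # unrelated words, as in 'dog&BLUE-78+skipped', is treated as a passphrase.
    words = [w for w in DICTIONARY if len(w) >= 3 and w in plain]
    covered = sum(plain.count(w) * len(w) for w in words)
    letters = sum(c.isalpha() for c in plain)
    if words and len(words) < 3 and covered >= 0.6 * letters:
        problems.append("is mostly a dictionary word once obvious swaps are undone")
    return problems

if __name__ == "__main__":
    for candidate in ("dog&BLUE-78+skipped", "1t'5Chr1stma5!", "Fido1985!", "abc123"):
        print(repr(candidate), "->", check_password(candidate) or ["OK"])
```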
Tips to Stay Safe:
- Use a different password for every separate account you own. If one account is exposed in a data breach, the damage is then limited to that account.
- Avoid keeping a record of all your passwords in one plain file. It can be quite easy for someone to gain access to that file, which hands them your accounts and their associated passwords in one go.
- Change your password every 90 days so an attacker has limited time to access your account. EMH Technology can create a Microsoft password policy that implements this rule for you. The policy can also enforce other criteria, in addition to a password change after a set number of days.
- Use two-factor authentication for critical accounts. This combines something you know (a password or passphrase) with something you have, such as an authenticator app or mobile phone. If someone gets hold of one factor they still can’t access your account without the other.
Managing Your Passwords:
- How are your passwords stored?
- How often do your employees update their passwords?
- Do you allow staff to sign on to business applications with private accounts you have no control over, such as Facebook?
- Do you change all passwords when a member of staff leaves?