In today’s technologically-advanced world, passwords serve as the gatekeepers to nearly every facet of our lives. We use them to secure things from personal accounts containing health or banking information to business networks with confidential internal and client data. Yet we’re notoriously bad at creating passwords that protect these details.
Creating stronger passwords
According to Verizon’s 2020 Data Breach Investigations Report, brute force and the use of lost or stolen credentials were involved in more than 80% of hacking-related breaches of web applications. Brute force means the attacker simply guesses passwords, exhaustively or from lists of common ones; stolen credentials from one breach are replayed against other sites where the same username and password were reused. That should come as no surprise when you consider that some of the most commonly used passwords include variations of things like:
Some simple steps you can take to create stronger, more secure passwords include:
- Avoid dictionary words, names, and easy-to-guess details (like significant dates in your life or well-known historical events); attackers try these, and their common variations such as swapping letters for digits, before anything else
- Use unpredictable combinations of upper and lowercase letters, symbols, and numbers, ideally generated at random rather than chosen by hand
- Make passwords long; each additional character multiplies the number of guesses an attacker needs, which helps far more than a single symbol substitution
- Use a different password for every site, application, or tool you access, so that one breached site does not expose the rest
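The following Python example is added here to illustrate the four tips above; it is not code from the original article. It generates passwords and passphrases with the operating system's cryptographic random source (`secrets`, never `random`) and puts numbers on why the advice works by comparing the guessing effort for several password shapes. The 16-entry word list is a constructed stand-in for a real list such as the 7,776-word EFF list, the "50,000 dictionary words" figure and the 1e10 guesses-per-second offline cracking rate are assumptions for the comparison, and `strength_report` is a helper invented for this example.

```python
import math
import secrets
import string

# Full printable ASCII set minus whitespace: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed, deliberately tiny word list (assumption for illustration only).
# A real passphrase generator loads a large list such as the 7,776-word EFF list.
WORDLIST = ["anchor", "basil", "cobalt", "dune", "ember", "fjord", "glacier", "harbor",
            "iris", "juniper", "kestrel", "lantern", "marble", "nettle", "orchid", "pine"]


def random_password(length: int = 20) -> str:
    """Uniformly random password over ALPHABET, drawn from the OS CSPRNG via `secrets`.

    `random.choice` is NOT suitable here: Mersenne Twister output is predictable
    once an attacker has seen enough of it.
    """
    if length < 12:
        raise ValueError("use at least 12 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_passphrase(words: int = 6, wordlist=WORDLIST, sep: str = "-") -> str:
    """Diceware-style passphrase: `words` uniformly random picks from `wordlist`."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices: int, count: int) -> float:
    """Entropy, in bits, of `count` independent uniform picks from `choices` symbols."""
    return count * math.log2(choices)


def expected_crack_seconds(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected time to find a uniformly random secret of `bits` entropy by exhaustive
    guessing (the attacker tries half the space on average). The 1e10 guesses/s default
    is an assumed offline GPU rate against a fast, unsalted hash."""
    return (2.0 ** bits / 2) / guesses_per_second


def strength_report(label: str, choices: int, count: int) -> str:
    """One-line summary used by the demo below (helper invented for this example)."""
    bits = entropy_bits(choices, count)
    years = expected_crack_seconds(bits) / (365.25 * 24 * 3600)
    return f"{label}: {bits:.1f} bits, ~{years:.3g} years at 1e10 guesses/s"


if __name__ == "__main__":
    print(random_password())
    print(random_passphrase())
    # Why the tips work: compare the keyspace of common password shapes.
    print(strength_report("8 lowercase letters", 26, 8))
    # Assumed ~50,000 dictionary words x 100 two-digit suffixes x 32 symbols.
    print(strength_report("dictionary word + 2 digits + 1 symbol", 50_000 * 100 * 32, 1))
    print(strength_report("20 chars from the 94-symbol set", len(ALPHABET), 20))
    print(strength_report("6 words from the 7,776-word EFF list", 7776, 6))
```

The comparison is the point: eight lowercase letters fall in seconds, a dictionary word with a digit-and-symbol suffix is only about 27 bits because the attacker enumerates exactly that shape, while a 20-character random string or a six-word passphrase from a large list is out of reach of exhaustive guessing.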
Tips like these help individuals, but what each person chooses is only half the battle. For small businesses, company-wide policies on how passwords are created, stored, and checked play a critical role in protecting the organization from a credential-based breach.
Setting password requirements
Small businesses are steadily moving to cloud-based services, which puts more of their logins on internet-facing web applications that anyone in the world can attempt to brute-force. One way your company can reduce that exposure is to set and enforce a clear password policy. It should include measures like:
- Decide on a rotation rule. Traditional policies required resets every 30-90 days; current guidance (NIST SP 800-63B) recommends against forced periodic resets, because they push users toward predictable variations of the old password, and instead requires a reset when there is evidence the password has been compromised
- Don’t allow users to recycle previous passwords (keep a history of salted hashes of past passwords and reject a new password that matches one)
- Enforce a minimum password length (NIST SP 800-63B requires at least 8 characters for user-chosen passwords; longer is better, so allow long passphrases rather than capping length)
- If you use character-composition rules (requiring so many upper and lowercase letters, numbers, and symbols), keep them simple; NIST now recommends screening every new password against a list of common and breached passwords instead, which blocks far more weak choices than composition rules do
- Encourage employees to use a password manager (see below for more information)
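The Python example below is added here to show how a policy like the one in this list is actually enforced at a password-change endpoint; it is not code from the original article. It checks minimum length, a common/breached-password list, the username, character classes, and reuse against a history of salted PBKDF2-HMAC-SHA256 hashes, so the history never stores old passwords in the clear. The limits (`MIN_LENGTH`, `HISTORY_DEPTH`), the seven-entry `COMMON_PASSWORDS` set and the `UserRecord` type are assumptions constructed for the example; a real deployment would use a large breach corpus and its own user store.

```python
import hashlib
import secrets
import string
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MIN_LENGTH = 12          # assumed policy value
HISTORY_DEPTH = 10       # assumed policy value: previous passwords that may not be reused
PBKDF2_ROUNDS = 600_000  # OWASP-recommended work factor for PBKDF2-HMAC-SHA256

# Constructed sample of a common/breached password list (assumption for illustration).
# A real deployment screens against a large corpus, e.g. a local copy of a breach list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1",
                    "summer2020", "password1!"}


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256. Only (salt, digest) pairs are kept, never plaintext,
    so a stolen user database does not reveal current or previous passwords."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the hash and compare in constant time, so timing does not leak
    how many bytes of the digest matched."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return secrets.compare_digest(candidate, digest)


@dataclass
class UserRecord:
    username: str
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)  # newest last


def check_policy(user: UserRecord, candidate: str) -> List[str]:
    """Return every policy violation for `candidate`; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common/breached password list")
    if user.username.lower() in candidate.lower():
        problems.append("contains the username")
    classes = (
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(c in string.punctuation for c in candidate),
    )
    if sum(classes) < 3:
        problems.append("uses fewer than 3 of the 4 character classes")
    # Reuse check runs against stored hashes of previous passwords, never plaintext.
    if any(verify(candidate, salt, digest) for salt, digest in user.history):
        problems.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
    return problems


def set_password(user: UserRecord, candidate: str) -> List[str]:
    """Apply the policy; on success record the new hash and trim the history.
    Returns the list of violations (empty on success)."""
    problems = check_policy(user, candidate)
    if not problems:
        user.history.append(hash_password(candidate))
        del user.history[:-HISTORY_DEPTH]
    return problems


if __name__ == "__main__":
    alice = UserRecord("alice")
    for attempt in ["Password1!", "correcthorsebatterystaple", "correct-Horse-battery-9!"]:
        print(attempt, "->", set_password(alice, attempt) or "accepted")
    print("second use ->", set_password(alice, "correct-Horse-battery-9!"))
```

Each rejected attempt returns every rule it broke, so users can fix all of them at once instead of discovering the next rule on the next try; the reuse check is the most expensive step (one PBKDF2 computation per stored hash), which is acceptable at the password-change rate but is one reason to keep `HISTORY_DEPTH` modest.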
In addition to these requirements, you can use measures like multi-factor authentication and a VPN to further control access to your business network; MFA on every externally reachable login (email, SSO, and remote access first) stops a guessed or stolen password from being enough on its own. Employee education is also a valuable tool in protecting your business: the more employees understand the risks your team is facing, the more likely they are to comply.
We’ve already acknowledged that we use passwords for nearly everything we do — so the idea of having to craft and remember unique passwords for every instance where one is needed may seem overwhelming. Fortunately, there’s a solution in the form of password managers.
Password managers are applications designed to create, store, and manage credentials in an encrypted database. Instead of having to remember dozens of unique logins, you only need to keep track of a single master password, which should therefore be long, unique, and protected with multi-factor authentication, since it unlocks everything else. Managers are available with desktop, cloud, or single-sign-on (SSO) access depending on your business needs.
Two of our favorite password managers are:
Secure passwords are crucial in protecting your business. By following the guidelines above, you should be able to improve your risk position and decrease the likelihood of a breach related to weak credentials.
Does your team have password policies in place? Comment below with what you require, or reach out to us if you need help to develop a plan.