It seems that nobody likes passwords. Workers don’t like picking them. Companies don’t like constantly trying to secure them. Security folks don’t like defending them. But the reality is that passwords are absolutely key to your organization’s cybersecurity.
Increased security for your organization doesn’t always have to involve extensive vulnerability testing or expensive process changes. For many organizations, simple password regulations can help you prevent data breaches and increase your organization’s security without a lot of time, money, or hassle. Applying better password processes can be the starting point for increased security in your organization.
There are many things you can do to ensure your workers use best password practices, but these five habits can help get your entire company on the same page about healthy password habits.
Stop ending your passwords with the number one. The number one is commonly used as the ending to passwords, making a password easier to guess or manipulate. Choose a different number for your password ending to make it less predictable. And just hitting the shift key and getting an exclamation point isn’t any better!
Stop using leet in your passwords. Leet, also known as eleet or leetspeak, is a system of modified spellings of dictionary words primarily used on the internet. That means it’s not as private or secret as you think. Leet replaces letters with numbers or symbols to make a word seemingly more difficult to guess. But using numbers and symbols is the same level of complexity as using letters if you’re spelling a word. Instead of replacing letters with numbers or signs, use a random string of numbers or letters. S3cr3t and s@fe just aren’t solid password options anymore. This practice was tired in the 2000s, and it’s even more so now.
Stop using keyboard patterns. This includes that age-old standby – qwerty – along with all the new classics, like 1qaz2wsc and 1z=/bn. Why shouldn’t you be using patterns? There’s this little idea going around called the infinite monkey theorem. This suggests that computers can guess patterns better than we understand. And humans are also inclined to guess and understand patterns, so relying on them for a password isn’t a great idea.
Stop broadcasting every facet of your life online. Especially if you use that data in your password. Confused? Let’s use a great example. Employees love, love, love using their spouse’s names and marriage year for their passwords. They absolutely love it. That being said, what do almost all employees have in common besides this? Their bios are online. Generally, based on this, it’s not too difficult to confirm or track down marriage dates and spousal names if not already listed. So it’s time to ask yourself this – is your current password made up of any combination of work, school, family, or hobbies/activities you like to do? If not, great. If it does contain one or more of those categories – how prevalent is your online profile, and does it contain any of this information? What about your spouse and your children? If you’re going to put information about yourself out there for people to see, you want to avoid using that in your passwords in any way. The best practice is to keep personal information off of the internet as much as you can.
Stop choosing six-character passwords. We’ve just gotten to the point computationally where six-character passwords are an absolute joke and offer almost no security. There’s nothing clever, cute, or sophisticated in gaming the system by using a six-character password. Employers and workers alike should expect longer passwords to increase their personal and organizational security. The same goes for the application of faulty logic. A password of !1q!1q is not a wonderful password, even if it does satisfy your company’s password complexity rules. Employers should make password requirements longer and more detailed in order to ensure the organization is secure, and you as an employee should make sure your password is longer and more detailed even if your employer doesn’t require it.
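As a defender-side illustration of the five habits above, here is a small password audit that flags each one. It is an added example, not code from the original article; the tiny wordlist, the 12-character minimum, and the personal-fact tokens are assumptions chosen for the demo.

```python
import re

# Constructed sample data: a real deployment would load a large wordlist.
COMMON_WORDS = {"secret", "safe", "password", "welcome"}
LEET = str.maketrans("3@4015$7!", "eaaolssti")
# QWERTY rows plus the left-hand columns that produce walks like 1qaz2wsx.
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]
MIN_LENGTH = 12  # hypothetical policy value; the article only says "longer than six"


def keyboard_walk(pw, run=4):
    """True if pw contains `run` adjacent keys from one row or column, either direction."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def audit(pw, personal=()):
    """Return the habits from the article that pw exhibits (empty list = none found)."""
    low, findings = pw.lower(), []
    if len(pw) < MIN_LENGTH:
        findings.append("too-short")
    if pw[-1:] in ("1", "!"):
        findings.append("ends-in-1-or-!")
    deleet = low.translate(LEET)  # undo common substitutions, then look for words
    if any(w in deleet and w not in low for w in COMMON_WORDS):
        findings.append("leet-word")
    if keyboard_walk(pw):
        findings.append("keyboard-pattern")
    if re.fullmatch(r"(.{1,4}?)\1+", pw):  # e.g. !1q!1q: a short unit repeated
        findings.append("repeated-block")
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        findings.append("personal-info")
    return findings


if __name__ == "__main__":
    # Constructed inputs; the name and year stand in for data found in an online bio.
    for pw, facts in [("S3cr3t", ()), ("1qaz2wsc", ()), ("!1q!1q", ()),
                      ("Jordan2014!", ("Jordan", "2014")), ("Welcome1", ())]:
        print(f"{pw!r:16} {audit(pw, facts)}")
```

An empty result only means none of these five habits were detected; it does not prove a password is strong.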
Nothing in the above is going to prevent data breaches or guarantee that you or your employees won’t get hacked or compromised. But following healthier password practices is key in helping you cut down on cyber threats and data breaches. It can also save you time on a penetration test, as password security will be an important measure for your security posture. Implement meaningful regulations and requirements for your passwords in order to keep your organization as secure as possible.