We’ve talked about how the human factor can weaken your cybersecurity in our previous blog article, and for good reason. One of the most common causes of cyberattacks is human negligence or error, which lets cybercriminals into systems through weak or stolen passwords.
Why do businesses need effective password management?
Passwords protect your accounts and sensitive information against cybercriminals. That’s why you should practice good password hygiene — just follow these 10 easy-to-do strategies:
1. Create passwords that are hard to guess by others but are easy for you to remember
Don’t use personal information that other people know or that appears in your social media accounts (like birthdays, pets’ names, home addresses, etc.). If your friends can find that info, so can hackers.
To make passwords easier to memorize, try using passphrases composed of a random string of words, such as “automobilesandwichshirt.” Avoid using common phrases and clichés in your passwords such as “piece of cake” or sayings like “better late than never,” as these combinations are extremely easy for hackers to guess.
2. Length is more important than complexity, but complexity still counts
The longer the password, the more difficult it will be for hackers to guess it. The recommended password length is at least 16 characters, but adding some complexity can further increase the strength of your passwords.
Increasing password complexity may entail using uppercase and lowercase letters, numbers, and special characters. Using the previous example, the following would be a more secure version: “Autom0bile@sandwichshirt2”
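The arithmetic behind this strategy, as an added example that is not part of the original article: it estimates the guessing strength, in bits, of randomly generated passwords and passphrases. The 94-symbol alphabet, the 7776-word list size, and the sample word list are assumptions, and the figures hold only for secrets picked at random, not for ones a person invents.

```python
import math
import secrets

# Constructed sample list, for illustration only. A real generator should load
# a large list; 7776 entries (five dice rolls per word) is assumed below.
SAMPLE_WORDS = ["automobile", "sandwich", "shirt", "lantern", "river",
                "cactus", "violin", "pebble", "harbor", "walnut"]

def random_passphrase(words, count, sep=""):
    """Join `count` words chosen uniformly at random with a CSPRNG."""
    unique = sorted(set(words))
    if count < 1 or len(unique) < 2:
        raise ValueError("need count >= 1 and at least two distinct words")
    return sep.join(secrets.choice(unique) for _ in range(count))

def random_string_bits(alphabet_size, length):
    """Entropy of `length` symbols drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)

def passphrase_bits(list_size, count):
    """Entropy of `count` words drawn uniformly from a list of `list_size`."""
    return count * math.log2(list_size)

def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

def comparison():
    """Length versus complexity, using the article's 16-character figure."""
    return {
        "8 random chars, 94 printable symbols": random_string_bits(94, 8),
        "16 random lowercase letters": random_string_bits(26, 16),
        "16 random chars, 94 printable symbols": random_string_bits(94, 16),
        "5 random words, 7776-word list": passphrase_bits(7776, 5),
    }

if __name__ == "__main__":
    for label, bits in comparison().items():
        print(f"{label:40s} {bits:6.1f} bits")
    print("example passphrase:", random_passphrase(SAMPLE_WORDS, 4, "-"))
    print("words to match 16 lowercase letters:",
          words_needed(7776, random_string_bits(26, 16)))
```

Sixteen random lowercase letters outscore eight random characters drawn from every printable symbol, and widening the alphabet at the same length raises the figure again.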
3. Each account gets a unique password
We may not like to admit it, but many of us sometimes use the same password for different accounts. Yes, it’s easier for us to remember, but it also makes our accounts easier to hack. If one account is compromised, other accounts using the same password may also be compromised. That’s why you should have unique passwords for different accounts. Worried about remembering all those passwords? Then apply the next strategy.
4. Use a password manager
The drawback of complex passwords is that they’re much more difficult to remember, so if you have multiple accounts, it can be hard to keep track of them all.
Fortunately, there’s no need for you to memorize all your different passwords when you use a password manager. A password manager is an app that stores all your passwords in an encrypted vault and even automatically generates strong password combinations for each of your accounts. With a password manager, you only need to create and remember one long master password to access all your login credentials.
Here are three password managers with a free version that offers unlimited password storage, syncing across multiple devices, and two-factor authentication:
5. Use multifactor authentication (MFA)
MFA is like having two different locks on your door to keep unwanted people out. To access your online account, you need to log in with your password plus enter a code from your mobile or other device. This makes it exponentially more difficult for hackers to infiltrate your accounts.
6. Regularly change your passwords
It’s prudent to change your passwords regularly, every 90 to 120 days, especially for critical accounts such as email, social media, and financial accounts.
7. Don't share your passwords with anyone
Never divulge your passwords to anyone even if they’re a family member, friend, or coworker. If an emergency occurs and you have no choice but to share it, change your password immediately afterward.
8. Beware of phishing emails and scams
Phishing is when a cybercriminal sends fraudulent email, text, phone, or other messages designed to fool you into giving away your personal information, including your password. So if you receive any suspicious email from someone you don’t know, make sure you don’t click on any links in the message or provide your login info.
9. Don’t write down your passwords
All it takes is one stolen or misplaced item containing your passwords (e.g., sticky note, notebook, mobile device) for anyone to gain easy access to your accounts. If you keep them on a device, make sure your list of passwords can’t be opened without permission. Or better yet, store your passwords in a password manager.
10. Avoid logging in to your accounts using public computers or unsecured networks
Because public computers are used by so many people, you cannot be sure if malware has been installed on them. And unsecured networks are susceptible to hackers intercepting your traffic and stealing your credentials, so it’s best to avoid them.
Cybersecurity is everyone’s concern in your company
When it comes to security, you’re only as strong as your weakest link. No matter how strong your IT defenses are, if there’s any weak point or vulnerability in your system, then cybercriminals can exploit that.
That’s why everyone in your company should comply with the best practices in password management. To help you with that, our IT experts at Online Computers can train you and your staff to become more adept at IT security. Interested? Contact us today.