Top 5 tips to improve password safety

Replace passwords with passphrase

“Passphrases increase the likelihood of remembering your password and make it more difficult for hackers to crack. At the same time, as more and more web accounts require the use of special characters, numbers or capitalized letters, passphrases more naturally meet those complexity requirements. It’s also more difficult to crack passwords that are longer–complexity is a much-needed ingredient, but length helps deter potential attackers who are using an automated password-cracking tool–and passphrases make it inherently easier to create longer passwords,” said Tim Brown, VP of Security, SolarWinds.

Know your accounts

“Use different passwords depending on the ‘importance’ of your account–leverage a few ‘throwaway’ passwords and email addresses for low-importance activities,” said Brown. “This allows users to save high-quality, complex passphrases for accounts with much more personal information. Consider using an online password manager to help juggle the various passwords/passphrases you have in use.”

Change “default” passwords

“Poor password hygiene is often the root cause of ransomware attacks. For example, retaining default passwords for firewalls makes businesses low-hanging fruit for cyberattacks. This is especially true of shared accounts–a customer database, let’s say–when passwords must be easier to remember, or worse they are written down and freely passed among employees. Because password changes can affect the productivity of everyone sharing an account, they are also updated less frequently, negating the benefit of length or complexity rules. IT must help manage these types of accounts, whether by way of a dedicated security team, compliance software or some other established process–to avoid potential vulnerabilities,” said Brown.

Implement multi-factor authentication

“Multi-factor authentication (MFA) can be as simple as a text message sent to a known phone number, an application such as Google Authenticator, or even an old school hardware token. The use of MFA makes the life of a hacker much harder, because to gain access to your data, they need to have something you know (your password) and something you have (your device),” said Brown.

Educate employees

“Educate all members of your organization on good password hygiene, from the intern to the C-suite. End-user education is a sorely underutilized method of further securing an organization’s data,” said Brown. “The numbers consistently show that a majority of attacks actually originate inside the organization, often stemming from things like an employee falling victim to a phishing scheme that introduces malware on the network, DDoS attacks, or accidental end-user errors that stem from an inadequate understanding of potential security threats. The organization’s IT department should be proactive and transparent about flagging security vulnerabilities that could be exacerbated by end-user activities, such as using company email on a smartphone OS that requires a security patch, or accessing a social media profile with a password that may have been part of a larger breach.”


ABOUT THE AUTHOR

Kristina Knight, Journalist, BA
Content Writer & Editor
Kristina Knight is a freelance writer with more than 15 years of experience writing on varied topics. Kristina’s focus for the past 10 years has been the small business, online marketing, and banking sectors; however, she keeps things interesting by writing about her experiences as an adoptive mom, parenting, and education issues. Kristina’s work has appeared with BizReport.com, NBC News, Soaps.com, DisasterNewsNetwork, and many more publications.