15 Tips for improving password security
For any business, cyber security should be a priority. Passwords remain one of the primary security measures for most businesses, so strong passwords are essential for your organisation’s security. Paying attention to password security best practices and tips will help protect your business against potential data breaches and cyber attacks.
The challenge is to create strong passwords which are easy to remember, without compromising login credentials or adopting poor habits which may harm your organisation, such as having the same password for multiple accounts.
Why is password security important?
Having a robust password security policy is an important building block for your business’ cyber security efforts. A strong password will prevent unauthorised access to your business’ electronic accounts and devices.
If someone with malicious intent manages to break or crack key passwords, they could potentially gain access to corporate social media accounts, bank accounts and emails which contain confidential and sensitive data. Therefore, creating a strong password in accordance with password security best practices is vital.
Many organisations don’t realise that there are a number of easily available tools to break passwords. Many of these tools rely on poor password security practices. Some of the common methods of cracking a password are:
Brute force attack: Uses automated software to identify the username and password combination. The software will attempt every possible character combination, trying the most commonly used passwords first. Consequently, weak or common passwords, such as “Password1234”, are very simple to solve in a brute force attack. This method will eventually identify your password by cycling through every possible combination until it matches the correct character combination. Brute force attacks can be slowed down by using complex passwords.
Dictionary: Uses automated software which will run a pre-defined ‘dictionary’ against your passwords, sequentially attempting every pre-defined entry in its list. The dictionary includes a list of the most common password combinations. It can also include translations and names (including various spellings). Consequently, it is a relatively efficient way of breaking into weakly protected accounts. Dictionary hacks can be thwarted by using a single-use, strong password for each account.
Phishing: The most common type of attack, phishing attempts to obtain usernames, passwords and even credit card details by distributing emails to multiple recipients, often posing as a trusted party such as social web sites, auction sites, banks, online payment processors or even IT administrators.
Social Engineering: Social engineering exploits human psychology, rather than technical hacking techniques, to trick employees into divulging their passwords. Social networking sites, such as LinkedIn, have made it easier for cyber criminals to conduct such attacks. Cyber criminals can go to social networking sites to identify potential victims and targets and to gather detailed information to be used to further an attack, taking advantage of the latest news events, holidays, pop culture and even hobbies to lure victims.
15 password tips for better security
Here are 10 password security tips that support best practice, which businesses should encourage their employees to observe:
1. Use different passwords for each account. Using the same or similar password for email, banking, and social media accounts could lead to identity theft.
2. Keep your passwords safe by keeping them confidential. Don’t reveal your password to anyone.
3. Change your passwords periodically, avoiding using the same password for at least a year.
4. Use at least eight characters in your password, with a mix of lowercase and uppercase letters, numbers, punctuation and symbols.
5. Strong passwords can be simple to remember yet hard to guess. For example, “2daY1am:)!” contains 10 characters and reads “today I am happy!”.
6. We strongly suggest using a password manager. If you must write down your passwords, ensure they are kept away from your system. Ideally they should be disguised so it’s not apparent that they are passwords.
7. Be sure to log off your system if you intend to leave your device unattended. It only takes a “site visitor” a moment to steal or change the password.
8. Where possible, take advantage of two-factor authentication (the ability to confirm your identity via an additional method, such as your mobile phone), as it will certainly offer an additional layer of security.
9. Keep software and applications up to date with the latest patches to minimise system vulnerability.
10. Keep antivirus and antimalware software up to date on all systems to detect the latest keystroke loggers and other malware.
To further improve password security, employees should observe the following password security tips:
11. Do not use information which is of a personal nature, such as age, birthday, name, child’s name, or favourite song or colour, etc., as a password. In a breach last year, nearly one per cent of victims used “123456” as their password, followed by “12345”. Choices such as “111111,” “princess,” “qwerty,” and “abc123” were also common.
12. For security questions, such as those found when clicking the “forgot password” link, do not use first names as passwords or the names of spouses, children, other relatives, or pets. These are simple to deduce with a little research and can often be found through social media.
13. Avoid successive keyboard combinations, such as qwerty or zxcvb. Also avoid using dictionary words, slang terms, common misspellings, or words spelt backwards.
14. Do not enter passwords on unfamiliar computers or systems, such as hotels. They may harbour malware or key loggers which could capture your passwords.
15. Refrain from entering passwords when using an unsecured Wi-Fi connection, such as at the airport or in a coffee shop. Cyber criminals can intercept your passwords and data over an unsecured connection.
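Several of the tips above (4, 11 and 13) can be checked automatically when a password is set. The following is an added example, not part of the original article: a small Python checker whose function names, the `personal_terms` parameter and the five-key run threshold are assumptions made for illustration.

```python
import string

# Passwords the article itself names as weak or common (lower-cased).
COMMON = {"123456", "12345", "111111", "princess", "qwerty", "abc123", "password1234"}
# Keyboard rows used to spot runs such as "qwerty" or "zxcvb" (tip 13).
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 8   # tip 4
RUN_LENGTH = 5   # assumption: shortest run flagged is five keys, like "zxcvb"


def has_keyboard_run(pw, run=RUN_LENGTH):
    """True if pw contains `run` adjacent keys from one row, forwards or backwards."""
    lowered = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in lowered:
                    return True
    return False


def check_password(pw, personal_terms=()):
    """Return the list of tips that pw violates; an empty list means it passes."""
    problems = []
    lowered = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 8 characters (tip 4)")
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    if not all(classes):
        problems.append("missing a character class (tip 4)")
    # Also catches a listed password spelt backwards (tip 13).
    if lowered in COMMON or lowered[::-1] in COMMON:
        problems.append("password the article lists as common")
    if has_keyboard_run(pw):
        problems.append("keyboard run (tip 13)")
    for term in personal_terms:  # constructed personal details supplied by the caller
        t = term.lower()
        if len(t) >= 3 and (t in lowered or t[::-1] in lowered):
            problems.append(f"contains personal detail '{term}' (tip 11)")
    return problems


if __name__ == "__main__":
    for candidate in ["2daY1am:)!", "Password1234", "qwerty"]:
        print(candidate, "->", check_password(candidate) or "passes")
```

A check like this only enforces the structural tips; it does not replace unique passwords per account, a password manager or two-factor authentication.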
With the size, breadth and complexity of threats you can face as a business, the concept of cybersecurity can be daunting. Our cybersecurity guide for SMEs will provide valuable insight for improving cybersecurity for your organisation.