3 steps to a secure password
There’s a lot of talk about cybersecurity and all the recent data breaches. Big headlines but you know what’s missing? Some basic advice for small businesses about how to keep their IT systems secure.
In this post, I’m going to tell you the 3 simple steps you should implement today to create a secure password for yourself and something you can share with your colleagues.
As an added bonus – you’ll learn the password security method that makes things simple. Hence, you are not having to remember multiple passwords or create a new password every other week.
Step 1: Password vs Passphrase
Think passphrase instead of a password. A passphrase is a series of words instead of a traditional password.
Here’s an example of a passphrase: “AustralianFootballLeagueIsTheBest”
This is much easier to remember than something like “$@d32vpa” and guess what? It’s more secure.
The reason for this is due to the length of the password.
A lot of hackers out there use brute force methods of attacking.
In this method, they run software to guess the password. However, the longer the password, the more time it takes to imagine.
Having a passphrase with multiple words combined takes years to crack instead of a few hours.
You’ve probably been told to change your password on a regular basis. This is often preached as good practice. But research has shown that this is not the case.
The reason for this is due to users just changing part of the password when asked on a regular basis that they must change it. This often turns out to be changing the last few characters or incrementing a number at the end. I was guilty myself of this method until the logic was explained to me.
The other reason frequent password changes should be avoided is you tend to forget new passwords sooner. That leads to users writing down their passwords on a post-it note or similar.
It totally defeats the purpose of what you’re trying to achieve!
Thus, best practice is to ask employees for password change only in case of potential threat or compromise.
Create a password blacklist policy.
Hackers will sometimes implement what’s known as a dictionary attack on your network and cloud services. In this method of attack, the hackers use a list of the most common passwords people use to force their way into your business systems.
It’s surprisingly easy to do and a very common security weakness.
It is good practice to show this list of common passwords to your colleagues. Inform them of easy to guess passwords that should not be used.
Depending on the IT system your business is using, you can also enforce the blacklist of passwords that can be created on the actual system itself. This is, however, the last resort and best to use the person method as employees can also implement the rule on their personal accounts and email also.