Password Management - Ideas and Best Practice
- Published: Friday, 24 January 2020 11:38
Use passphrases and not passwords
Because a passphrase has far more characters than the typical word-plus-number formula, it is much harder for password-cracking software to break.
Passphrases contain spaces between words and can function as a sentence or string of letters. It doesn’t have to be grammatically correct.
The longer the passphrase the harder it will be to crack. Most password cracking tools break down at around 10 characters, so choose longer phrases.
Think outside the box
Don’t make your password too obvious.
When using special characters or punctuation, don’t group the symbols together; mix them up a little. Add your symbols, punctuation and numbers at the beginning and end of your password.
Don’t be tempted to use the same password for your email, work email, laptop, and other secure connections etc.
If your password is stolen it then gives the hacker access to everything all at the same time.
Create a password blacklist
A password blacklist can be created by your company to remind all their employees to choose secure passwords.
Whilst an easy password may help those employees who continuously forget them, it also leaves those accounts more open to attack.
Review your employee authentication protocol
Two-step authentication, although it sounds more complicated, adds another level of security that isn’t easy to crack.
You may have already encountered it if you have ever accessed your email account, only to have it then text you a code that you must enter before accessing an account. Software can identify who you are by using your pre-existing contact details via another channel.
If you receive a text code for an account that you are not accessing, then you will know that someone is trying to access that account. The second form of verification should hinder them from accessing that account, giving you time to ensure that it is secure.
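The server side of the texted-code step described above, as an added example that is not part of the original article or any IT 4 Offices product: the code is generated from a secure random source, only its hash is stored, and it is refused once used, once expired, or after a few wrong guesses, which is what limits an attacker who has only the password. The in-memory store, the 5-minute lifetime, the 3-guess limit and the `send` callable standing in for an SMS gateway are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300        # assumption: a code is valid for 5 minutes
MAX_ATTEMPTS = 3      # assumption: a fourth guess invalidates the code outright

# Constructed in-memory store standing in for a database: user -> pending code record.
_pending = {}


def _digest(code: str) -> bytes:
    return hashlib.sha256(code.encode()).digest()


def issue_code(user: str, send, now=None) -> None:
    """Generate a fresh 6-digit code, keep only its hash, and hand the plaintext to the
    out-of-band sender (`send(user, code)` is a placeholder for the SMS gateway)."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"   # secrets, not random: unpredictable
    _pending[user] = {"hash": _digest(code), "expires": now + CODE_TTL, "attempts": 0}
    send(user, code)


def verify_code(user: str, submitted: str, now=None) -> bool:
    """Accept a code once, within its lifetime, and with a bounded number of guesses."""
    now = time.time() if now is None else now
    rec = _pending.get(user)
    if rec is None or now > rec["expires"]:
        _pending.pop(user, None)               # expired codes are dropped, not retried
        return False
    rec["attempts"] += 1
    if rec["attempts"] > MAX_ATTEMPTS:
        del _pending[user]                     # too many guesses: user must request a new code
        return False
    ok = hmac.compare_digest(_digest(submitted), rec["hash"])  # constant-time comparison
    if ok:
        del _pending[user]                     # single use: a replayed code is refused
    return ok
```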
Don’t forget employee training
You want your staff to be able to recognise phishing emails, and how to structure the best passwords. Since most hacking attempts target employees, it pays to properly train them on how to recognise potential attacks, and what type of passwords are the strongest.
Staff may not actually be aware of the dangers of sacrificing security for easier password management.
Password management software
Password management software can be a great tool to keep your passwords secure; however, like most things, it can still be hacked.
It is an app that stores your passwords in an encrypted vault. One master password unlocks the vault when you need to retrieve one.
Test your password
Use an online testing tool to help you create passwords that are less likely to be hacked.
Secure your mobile
Remember to also secure your phone with a strong password or fingerprint lock.
Change passwords for leavers
Don’t forget to ensure that all passwords are changed as soon as, if not before, an employee leaves your business.
Protect privileged accounts
These are privileged for a reason, as they will usually have access to sensitive data. Ensure that all staff understand the security reasons around this.
Avoid storing passwords where possible
As you go to the trouble of constructing a strong, secure password remember not to throw all of that aside by then writing it down for others to access quickly and easily.
Ensure a secure connection
Firstly, make sure that your Wi-Fi network is secure.
Ensure that all remote workers are provided with a secure connection.
If visitors need access to your network, provide a separate guest Wi-Fi network that is either physically separated from your main network or separated from it via a VLAN.
Build password awareness
Have a password strategy in place and ensure employees understand it. What may be common sense to you, may not be to all of your employees if it hasn’t been adequately explained to them.
Lock screens when they’re not in use
Ensure that all staff understand the importance of only the authorised staff member having access to their own PC. This is even more important in a large office or an open site.
Don’t add new PCs to your network without changing the default password
Check that all the security procedures you have in place are followed from the moment a new PC is installed, to ensure that there are no weak links in your cyber security.
Don’t email passwords to anybody
Emails are often sent in clear or plain text. That means the content of the email is unencrypted.
Your email is often stored in several systems or servers on its way to you. It will be saved in the sent items of the account it comes from, on your own email server, and possibly on any other systems or servers it passes through.
Ask a consultant
If you really are not sure, then ask a professional. A consultation with one of us from IT 4 Offices will help you figure out the best way to protect your company data, as well as keep your systems up to date.
Write your password policy based on the systems you have in place within your company, and ensure that all staff understand it.
If you need any further advice on the above, then please don’t hesitate to contact us.
Call: 0333 332 6600