Password Management: Seven Strategies for Better Management of All of Your Passwords

May 12, 2021


Passwords are your first line of defence against a world of painful experiences ranging from data theft to ransomware. Unfortunately, most individuals and even IT professionals are guilty of committing several common 'password sins' that can actually compromise the security of their own and even their company's information.

Consider the following statistics from the 2019 State of Password and Authentication Security Behaviours Report:

  • 81% of all hacking-related data breaches involved stolen or weak passwords.
  • 69% of IT professionals share their passwords with colleagues to access accounts.
  • 51% of IT professionals reuse passwords across businesses and personal accounts.
  • 57% of IT professionals who have experienced phishing attacks have not changed their password management behaviour.
  • 67% of IT professionals do not use any form of two-factor authentication in their personal use, and 55% do not use it at work.
  • 57% of IT professionals expressed a preference for a login method that does not involve passwords.

What are password policies?

A password policy is an established set of rules that have been created to increase password security by encouraging strong, secure passwords that are properly stored and utilized. Password policies help protect your IT infrastructure from intrusion and your data from those who would like to steal it.

Seven Principles of Effective and Secure Password Management

  1. Create a long and strong passphrase.

To make it more difficult for hackers to break into your system, consider generating strong passwords. A strong password is considered to be a password over eight characters in length and consisting of a mixture of uppercase and lowercase letters, numbers, and symbols.

  2. Apply password encryption.

Encryption gives your passwords additional protection that is uncrackable, even if your passwords are stolen by cybercriminals. The most recommended practice is to use non-reversible end-to-end encryption, which protects your passwords even while they are in transit over the network.

  3. Implement two-factor authentication.

Two-factor authentication, also known as 2FA, has quickly become the standard in managing organizational resources for both business and personal use. Users not only enter traditional credentials such as their username and password to access their applications, but also confirm their identity with a one-time code that is sent to their mobile device, usually via email or text message. A personalized USB token can also be used in two-factor authentication. This adds an extra step that hackers must pass to gain access, and it usually relies on information that is inaccessible to them.

  4. Add advanced authentication methods.

Apply non-password-based methods such as voice, facial recognition or thumbprint recognition. These methods make it increasingly difficult for hackers to gain access to your system.

  5. Use different passwords for every account.

Using the same password across the board sets both you and your business up for multiple security breaches. How does it work to the bad guys' advantage? If one account is breached, other accounts with the same credentials are also highly susceptible to being compromised.

  6. Avoid the recycling of passwords.

Periodically changing passwords, such as every ninety or one-hundred eighty days, has been a widely enforced practice in password security. More recent advice from the US National Institute of Standards and Technology (NIST), however, strongly advises against a mandatory policy of password changes for personal use. (Keep in mind that this advice does not apply to privileged credentials, however.) A primary reason for this suggestion is that most users tend to simply recycle previously used passwords. While strategies can be implemented to avoid password reuse, creative users will find ways around those strategies. Frequent password changes also cause users to write down their passwords in order to remember them, which is NOT a recommended practice. For these reasons, NIST recommends only changing passwords in the event of potential threat or compromise.
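An added example (not from the original post) covering two of the points above: storing passwords in a non-reversible form, as in principle 2, and rejecting a recycled password on change, as in principle 6. It uses a salted scrypt hash from the Python standard library; the cost parameters, the history depth and the `Account` class are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters (assumed for this example; tune to your hardware).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)
HISTORY_DEPTH = 5  # assumed number of previous passwords to remember


def hash_password(password, salt=None):
    """Return (salt, digest); the digest cannot be turned back into the password."""
    salt = salt or secrets.token_bytes(16)  # fresh random salt per password
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return salt, digest


def matches(password, record):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt, digest = record
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class Account:
    def __init__(self, password):
        self.history = [hash_password(password)]  # newest record last

    def check_login(self, password):
        return matches(password, self.history[-1])

    def change_password(self, new_password):
        # Reject anything in the remembered history, including the current one.
        if any(matches(new_password, rec) for rec in self.history):
            return False
        self.history.append(hash_password(new_password))
        self.history = self.history[-HISTORY_DEPTH:]
        return True
```

Because only hashes are stored, the history check catches exact repeats only; a variant with one character changed is accepted, which is the kind of workaround the paragraph above describes.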

  7. Use password managers.

Password managers store and even create passwords for your various accounts and automatically sign you in as you log on, so you only need to remember one password. As long as you choose a strong and unique but easy-to-remember master password, you have achieved a near-perfect way of protecting your access credentials from unauthorized users.

Conclusion

Organizations should carefully and thoroughly examine their password security policies and password management as both stolen and weak passwords continue to be the most common reasons for breaches in data. With these best practices, you can create an efficient password security policy and provide your business with stronger protection against unauthorized users.

Want some help setting up your password policies or implementing an enterprise-level password management solution? Our team is here to help. Contact us today to begin a no-obligation conversation.
