5 Critical Password Best Practices You Need to Know

We have seen many stories where hackers gained access to accounts through an easily guessed password (think Donald Trump's MAGA2020, Solarwinds123, and the Oldsmar Water Treatment breach as examples). While it seems like something simple, good password hygiene could help bolster your organization's cyber security. Below are 5 password best practices that you need to be using.

  1. Use strong passwords

Strong passwords are considered to be at least eight characters long and consist of random strings of letters, numerals, and special characters. Even better, consider coming up with a passphrase that only you would be able to guess. Your passwords should never include your company name or other personal details, which cybercriminals can scrape from social media channels.

  2. Use unique passwords for every account

Password reuse is a common problem. Long passwords can be hard to remember, so many users choose to use the same password over and over again. This is a big problem, as "39% of people admit that they use their favorite passwords interchangeably across both their work and home applications." Additionally, an estimated 543 million employee credentials for Fortune 1000 companies were found circulating on commonly used underground hacking forums on the dark web. If you haven't changed your business password in a long while, now is the time to change it to something very different from the last one.
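The two practices above can be checked mechanically before a password is accepted into a vault or an account. The following is an added example, not code from the original post or from Uzado, and it assumes the policy exactly as the post states it: at least eight characters, a mix of letters, digits and special characters, and no company name or personal detail. The account list and the list of banned terms are constructed sample data; the sample passwords are the ones the post itself names.

```python
import re
from collections import defaultdict

MIN_LENGTH = 8  # the post's floor; many organizations set it higher


def check_password_policy(password, banned_terms=()):
    """Return a list of policy violations; an empty list means the password passes.

    Criteria follow the post: at least eight characters, letters plus digits plus
    special characters, and no company name or personal detail (case-insensitive).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"[0-9]", password):
        problems.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special characters")
    lowered = password.lower()
    for term in banned_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains banned term '{term}'")
    return problems


def find_reused_passwords(accounts):
    """Group account names by password; any group with two or more entries is reuse.

    `accounts` maps account name -> password, the way a vault export would hold it.
    """
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    return {pw: names for pw, names in by_password.items() if len(names) > 1}


# Constructed sample vault (not real credentials): the passwords named in the post,
# reused across two work accounts, plus one passphrase that satisfies the policy.
SAMPLE_ACCOUNTS = {
    "work-vpn": "Solarwinds123",
    "work-email": "Solarwinds123",
    "personal-bank": "MAGA2020",
    "code-repo": "tr0ut-Lantern!river-Bell",
}

# Constructed banned terms: the company name and a product name an attacker could scrape.
BANNED_TERMS = ["SolarWinds", "Acme"]

if __name__ == "__main__":
    for name, pw in SAMPLE_ACCOUNTS.items():
        print(name, check_password_policy(pw, BANNED_TERMS) or "ok")
    print("reused:", find_reused_passwords(SAMPLE_ACCOUNTS))
```

In practice the banned-term list would be fed from the HR or directory system (company name, user's own name, birth year) rather than hard-coded, and the reuse check would run against hashed values inside the password manager so that plaintexts never leave the vault.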

  3. Use an encrypted password manager to store your passwords

Of course, when you use a unique password for every account, it becomes that much harder to remember each and every password. Studies have found that "57% of respondents write down their passwords on sticky notes, and 62% write down their passwords in a notebook or journal." Some "49% store their passwords in a document saved in the cloud, 51% use a document stored locally on their computer, and 55% save them on their phone." The problem with writing a password down on paper is that anyone walking by your work area can easily find it. Storing your passwords on your phone or in the cloud presents another problem if those files are not encrypted, as any hacker who is able to access that data will have your passwords. A better solution is to find an encrypted password manager that will store all your unique passwords.

  4. Never share passwords with unauthorized individuals

It goes without saying that you should never share your passwords, especially work-related passwords, with anyone. Remember that the Oldsmar breach was due to a shared work password. If you tell everyone the key to the door is under the mat, is it really a surprise when someone breaks in? If you must share a work-related password with an authorized person, ensure that you use an encrypted method to send it. Never share passwords over insecure email or text messaging platforms.

  5. Use multifactor authentication wherever possible

Sometimes, despite your best efforts, your password still gets stolen. Now what do you do? Multifactor authentication, while not perfect, can help stop 99% of password-based cybercrime, according to ID Agent. Simply put, multifactor authentication is an authentication method where the user presents 2 or more pieces of evidence to the authentication mechanism, usually something they have (an authentication key or token) and something they know (a password). There are various types of multifactor authentication tools out there to choose from. In some industries, multifactor authentication is also a compliance requirement.

Now that you know the 5 best practices for passwords, do you feel confident that everyone in your organization is doing what they can to protect their passwords? Have you been doing all you can to protect your own? If you are unsure, contact Uzado to help you assess your cyber security practices.