As the building blocks of online security in the Information Age, passwords serve as the first - and sometimes the only - line of defence against cyber-crime. Companies and their staff rely on them for both online and offline security, and nothing can match the peace of mind that a strong password can offer.
Here are 10 easy tips to make your passwords stronger:
1) Basic Precautions
Virtually any website or app can be hacked. So, employees should keep a record of where their company email address is used. It goes without saying that passwords should never be shared. Users should log off or restrict access to devices when they're not in use, make sure nobody is watching when they enter their passwords, and only log in from a trusted computer using a secure WiFi connection. Don’t use free WiFi connections in coffee shops, airports or trains, as these usually only have minimal security.
2) Periodical Purges
To tackle password reuse, create unique passwords for all applications, software tools, and websites, changing them every few months and closing inactive online accounts. Every now and then, check on HaveIBeenPwned.com ('pwned' is geek speak for 'duped') to see if personal and business accounts have been exposed in recent data breaches.
3) Software Tools
Reliable anti-virus software doesn't come cheap, but better safe than sorry. Any anti-virus tool will need regular updates to stay one step ahead of the latest malware, but it's worth the trouble. It's important that employees don't download any free apps or extensions to company mobile devices without a thorough check. To minimise the risk of a breach, they should also clear their cache and cookies regularly. Make this part of your company IT security policy.
4) Key Phrases
Passwords need to be memorable, so keywords are very useful, as long as they're not predictable. Personal details like pets, relatives, places of work, hometown, schools, dates of birth, and car number plates are easy to find. Employees should only use them in combination with other keywords, replacing letters and numbers randomly (e.g. 'R1cky's_@wkard_c0nfer3nce_p0se'). It is better to use a completely random strong password, not restricted to alphanumeric characters. (More on this below.)
Think of a sentence that's relevant to the business, the application being used, or the website being accessed. Then take the first letter from each word to make an entirely new word or catchphrase (e.g. 'CLARITY' for 'Click like a robot is trolling you').
6) Complex Strings
Passwords should include not only uppercase and lowercase letters, but also symbols and numbers. And they're getting longer, with 12-16 characters now being the recommended minimum for passwords. Short passwords like 'P@55w0rd' simply won't do anymore. Here's a complex but easy to remember password that connects common words with symbols and numbers: 'Spain_123_Real@321@Estate'.
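The rules from tips 4 and 6 can be checked automatically when a password is set. The following is an added example, not part of the original article: it enforces the 12-character minimum and the four character types, then undoes common letter/number swaps to spot predictable words and personal details. The substitution table, the common-word list and the function names are assumptions made for illustration.

```python
import re

# Assumed substitution table for undoing common letter/number swaps (not from the article).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 12  # lower end of the 12-16 character minimum recommended in tip 6
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty"}  # constructed sample list


def normalise(text):
    """Lowercase, undo common substitutions and drop everything but letters."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(password, personal_terms=()):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "uppercase letter": r"[A-Z]",
        "lowercase letter": r"[a-z]",
        "number": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    # Compare against word lists only after substitutions are reversed,
    # so 'P@55w0rd' is still recognised as 'password'.
    flat = normalise(password)
    for word in COMMON_WORDS:
        if word in flat:
            problems.append(f"contains common word '{word}'")
    for term in personal_terms:
        cleaned = normalise(term)
        if len(cleaned) >= 3 and cleaned in flat:
            problems.append(f"contains personal detail '{term}'")
    return problems


if __name__ == "__main__":
    for candidate in ("P@55w0rd", "Spain_123_Real@321@Estate"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Passing a user's name, employer or hometown as `personal_terms` lets the check catch those details even when letters have been swapped for numbers or symbols.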
7) Shapes & Patterns
Keyboard patterns like the V-shaped '5thNji9' make great passwords, but not all apps, keyboards, and devices are QWERTY compatible, so they might not match. For example, to unlock a phone, the 'Z' pattern is 1235789. The same pattern on a laptop is 7895123. Worse still, compact keyboards don't even come with a number pad. The downside is that although a pattern-based password may be hard for a robot to hack, a human hacker may guess the pattern quite easily.
8) Two-Factor Authentication
This involves using two different types of codes on two separate devices. Logging in on one device will only be possible by entering a code from a different device. For example, Amazon asks users to enter a code sent via text message, and many banks require users to enter a PIN code generated by a personal number pad. By comparison, Yahoo and Norton ask them to confirm their identity through a mobile app.
9) Password Manager
This can be a stand-alone app or a browser extension. It enables users to store an unlimited number of passwords on a computer or mobile device. This login information can only be accessed with a master password. Devices equipped with fingerprint readers use Touch ID technology to identify the user, rather than a master password. Vet a password manager for security before implementing it across your company devices.
10) Logbook & Locks
With or without a password manager, company codes need to be kept under lock and key. The information can be stored digitally on external disks and drives, as well as manually in company logbooks. Fire-proof and water-proof fingerprint biometric safes are becoming more and more affordable, spacious, and easy to use.