Blog

Best Practices: Password Security 2019

November 15, 2019 Ronnie Mize

Did you know that 81% of data breaches occur due to poor passwords? This is a staggering statistic and yet one of the simplest things for you to address. 

What can you do to ensure your passwords are strong enough to drive hackers absolutely bonkers?

Creating passwords to ensure the security of your protected systems and information is one of the most overlooked items when it comes to cyber security. However, with a few simple precautions, we can protect ourselves and our organization from malicious actors looking to wreak havoc.  

Take a moment to review the tips below and begin using them to strengthen your password profile.

  • Create a strong password: over 8 characters both upper and lowercase; do not make them too long

One of the easiest ways to secure is to generate passwords that are more difficult to hack. However, as we do create more complexity, cyber criminals continually evolve in order to bypass these additional measures. With this in mind, it is no longer best practice to simply use a password consisting of alpha characters with a number or special character inserted. What we can do is create additional complexity by adding caps into our password (“AbcD”) as well as special characters and numbers (“Ab@567_cD”).

  • Consider adopting a passphrase instead of using a password

This may actually prove easier than remembering a complex password.

To mix things up even more than substituting special characters, the US National Institute of Standards and Technology (NIST) recommends creating long passphrases that are easy to remember but difficult to crack.

The popular web comic XKCD compared the strength of a complex password—”Tr0ub4dor&3”—and a long passphrase—“correct horse battery staple”. They found that it took only 3 days to guess the password created in with special character substitutions, while the passphrase would take 550 years to crack.

  • Do not use words commonly found in the dictionary

One of the easiest ways for a hacker to compromise a system is by launching an attack that goes through tens of thousands of dictionary words in a few seconds. Use random passwords and stay away from words commonly found in the dictionary.

  • Use different passwords for different accounts

Using the same password for multiple accounts means the hacker now has access to every account that uses the compromised credential.

  • Secure your mobile devices; strong password and fingerprint or facial recognition

We all use mobile devices to shop, work, communicate, etc. This is now a major concern in the security industry as mobile devices are becoming a primary target for malicious actors. Make sure you set your devices up with strong passwords. Use fingerprint and facial recognition technology when available. Set your device up with MDM. In the event it is lost or stolen, Etech security can remotely lock and wipe the unit.

  • Do not store your passwords or write them down

Would you write your bank account number and all access information down on a piece of paper and leave it out in the open for everyone to see? Protect your password. It is associated with your account and your activity. If can be used to access your systems and files. Do not write it down where someone else could see it and possibly use it to compromise systems or breach data.

  • Always be on the lookout for malicious activity

Remain vigilant and aware that cybercriminals are always on the lookout for someone to compromise through weak security controls. Make sure your system is running anti-malware software and report to Etech DTS if the system is behaving erratically or giving you popup messages and/or alerts. Do not click on anything suspicious. Always report anomalies.

  • Use a password manager

More and more businesses and professionals are using password managers as a means of practicing high levels of security and to help keep their sanity. With password managers, you only need to remember one password, as the password manager stores and even create passwords for your different accounts, automatically signing you in when you log on.

Thanks for Reading. Have a Great Week and Stay Secure!