Identity & Access Management

Implementing Password Policies

You can better protect your business by implementing and enforcing a password policy.

When it comes to passwords, there is a constant conflict, and organizations and users have been plagued by the same issue for years: the easier a password is to remember, the less secure it is. Because of this, many companies started requiring users to create passwords that were longer, more complex, and contained more special characters and numbers.

This burden of complex passwords means that many people pick one “strong” password and use it for everything, from their Netflix account to their work email. The problem with this strategy is that if that one password is stolen, an attacker will then try to use it to log into every service or website they can think of.

Implementing A Password Policy In Your Organization

The following are some policies that businesses can put in place to increase the security of their passwords and ensure that people are using separate, unique passwords for each login.

  • Implement Two Factor Authentication (2FA/MFA)
    Two factor authentication (often known as multi-factor authentication, MFA, or 2FA) describes the use of more than just a normal login and password to get access to a system. This extra step could be a tangible object like a USB key, a code created by an app like the Microsoft Authenticator, or a code sent to your mobile in an SMS message. With 2FA in place, a hacker would need physical access to your phone in order to log in, even if they had your username and password.
  • Avoid Forcing Frequent Password Changes
    In the past, many businesses and services required customers to change their passwords every 30, 60, or 90 days. Contrary to widespread belief, this actually encourages insecure password behaviour. Users who are required to change their passwords often end up selecting less secure passwords or simply reusing their earlier passwords with minimal variation (like adding a 1 on the end). It is better to employ the techniques shown in this list and then limit the frequency of these password changes to once a year.
  • Implement Password Manager Software
    You can save thousands of passwords in a secure “vault” with password managers like LastPass. This secure password vault is protected with a single, extremely strong password (many users will choose an entire sentence as a “pass phrase”). Because you only need to remember your master password, each individual account can have an incredibly secure, unique password made of random letter, number, and special character combinations, which your password manager will create for you each time you need to choose a password.
  • Go Passwordless
    Passwords are easy to use, but that also makes them easy to break. There are other options that are also worth considering. Both cloud-based single sign-on systems and biometric logins that use information like your fingerprint to confirm your identity are practical choices. They require a little more expertise to implement, but they are more secure than using a password.

Get Professional Help Setting Your Password Policy

Carden IT Services can assist you in developing and implementing a suitable password strategy throughout your company. This is part of our wider package of cybersecurity services. Speak to our team today to learn more.
