by Dave Fuller
Did you know that specialised computers can crack an 8-character password in 6 hours?
Hackers are patient people, and yes, your business is vulnerable. Even small businesses serve as a gateway into larger corporations, and cybercriminals tend to pursue the path of least resistance to reach their goal.
You can imagine we’ve had a few questions from concerned clients about how to establish an effective password policy within their business. It’s a good question since it means that the company is already beginning its journey to a comprehensive network security strategy.
Let’s walk through basic password best practices and then review the most important elements of a successful password policy.
So what’s a strong password?
There are many best practices as far as password creation goes:
Diversity – Never use similar passwords across multiple accounts—this is a hacker’s dream since it creates a very real single point of failure.
Length – Set a ten-character minimum for your network passwords.
Characters – Require a combination of symbols, letters, and characters (yes, all of them).
Authentication – If available, use 2-factor authentication for sensitive data. The most common form is a password followed by a security question.
Changes – Forcing too many password changes will lead to confusion, and to bad practices like users writing them down on paper notes and often leaving them in plain sight.
Key elements of a successful password policy
Now that you know what your network passwords need to look like, you can begin to enforce your password policy. There are two main elements to this:
Education – Train your existing employees on creating proper passwords; if you have to, bring in an outside resource to make your point. Make it part of your employee induction process. Work with your IT team to enforce parameters so that your systems reject passwords that don’t follow your policy. Make security a part of your business culture, and make no exceptions to the rules that you’ve established.
Tools – If you’re hearing “How am I supposed to remember all of these complex passwords?!”, chances are you aren’t setting your team up with the right tools. A good strategy for remembering complex passwords is to base your characters on a short phrase. For example, “I go home at 5:30 pm” translates to the password “[email protected]:30pm.” (This is also far more secure than more predictable letter/symbol swaps, like using “@” in place of “a,” and “!” in place of “i.”) Another effective method is providing your team with password management software to keep all of their passwords straight. A few good options are DashLane, Keeper and LastPass.
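One way the "systems reject passwords that don't follow your policy" step could look, as an added example that is not Accent's own code: it enforces the ten-character minimum and character mix listed above and flags a candidate that is too similar to a password used on another account, even after "@"/"!" swaps. Reading "characters" as digits, the 0.8 similarity threshold and all function names are assumptions; the similarity check needs the other passwords in clear text, so it suits a password-manager audit rather than a server.

```python
import string
from difflib import SequenceMatcher

MIN_LENGTH = 10          # the article's ten-character minimum
SIMILARITY_LIMIT = 0.8   # assumption: a ratio at or above this counts as "similar"

# Undo the predictable swaps the article mentions ("@" for "a", "!" for "i").
_SWAPS = str.maketrans({"@": "a", "!": "i"})


def _normalise(password):
    """Lower-case and reverse predictable swaps so near-duplicates line up."""
    return password.lower().translate(_SWAPS)


def similarity(a, b):
    """Return a 0..1 similarity score between two passwords after normalisation."""
    return SequenceMatcher(None, _normalise(a), _normalise(b)).ratio()


def check_password(candidate, other_passwords=()):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("length")
    if not any(c.isalpha() for c in candidate):
        problems.append("letters")
    if not any(c.isdigit() for c in candidate):  # assumption: "characters" = digits
        problems.append("digits")
    if not any(c in string.punctuation for c in candidate):
        problems.append("symbols")
    if any(similarity(candidate, other) >= SIMILARITY_LIMIT
           for other in other_passwords):
        problems.append("similar")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    existing = ["Harbour-Lamp-42!"]
    for pw in ["summer24", "H@rbour-L@mp-43!", "Quiet*Meadow*7319"]:
        print(pw, "->", check_password(pw, existing) or "accepted")
```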
We at Accent have got your back; we’re happy to give advice or work directly with your IT team to define and implement a robust and secure password policy. It will take more than a little effort to set your policy in motion, and you’ll probably find yourself up against some resistance while your team adjusts to the changes. But when you consider what’s at stake, the effort is going to be worth it.
Armed with a BA Hons Arts Degrees and decades of experience as a Web Developer, Dave manages all aspects of Web Design and Software Development at Accent and is also our technical guru.