The fallout from the Heartbleed bug has brought renewed attention to the issue of passwords: the OpenSSL flaw let attackers read chunks of a server's memory, which could include users' credentials, so passwords on affected sites had to be treated as exposed and reset. Despite ever-more-sophisticated security threats, the humble password remains a first line of defense for your systems and network. It is essential that everyone in your organization use strong passwords and follow password best practices.
Unfortunately, many users have yet to heed this warning — two of the most common passwords among consumers are still “password” and “123456.” To ensure that employees don’t bring these bad habits into the workplace, it’s important to establish strict password policies and enforce them throughout your organization.
Here are eight recommendations for making your organization’s passwords more effective.
- Make passwords long and complex. This may frustrate users who want short, easy-to-remember passwords, but a network compromised through a cracked password is far worse. Think of it as a passphrase rather than a password: at least eight characters, and longer is better, because every extra character raises the cost of a brute-force attack more than swapping in a symbol does. Use a mixture of lower-case and capital letters, numbers and special characters, and avoid dictionary words dressed up with predictable substitutions such as "P@ssw0rd", which cracking tools try first.
- Use a different password for every login. Attackers take the username and password pairs leaked in one breach and replay them against other services (credential stuffing). If one combination is reused across several accounts, or a common password is in play, the damage can quickly escalate from minor to devastating.
- Require employees to use separate passwords for business and personal use. Hackers who gain access to personal email or other personal login information will attempt to use that information to access that person’s corporate account. This is particularly true when employees use their personal mobile devices to access company resources.
- Keep passwords secure. Don't write passwords down or share them. Instead, use a password management tool: the only password anyone has to remember is the manager's master password, and every other credential can be long and random.
- Change default passwords immediately. When a default password is provided, the user is almost always advised to change it and given instructions about how to do so. Heed that advice. Default usernames and passwords are published in vendor manuals and in attacker tooling, so they can be guessed without any effort.
- Revoke credentials when an employee leaves. Deactivating a former employee’s account is only one step. You also need to determine whether this employee had access to shared passwords or password-protected systems, revoke those credentials, and change the appropriate passwords.
- Limit access to administrator passwords. The best way to ensure that administrator accounts across your organization are properly controlled is to limit the number of people who have access to these accounts. This applies to your social media accounts as well.
- Monitor your systems for remote access attempts by former employees. The experts at Atlantic-IT.net can help you identify suspicious activity and take appropriate action against unauthorized individuals who are trying to gain access to your network.
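To show what the first recommendation looks like when it is enforced rather than merely stated, here is an added policy check (example code, not part of the original article or of Atlantic-IT.net's tooling). The tiny blocklist is constructed for the example; a real deployment would load a large list of breached and common passwords. It rejects short passwords, passwords with too few character classes, common passwords even after leetspeak and trailing-suffix tricks are undone, passwords containing the username, and "new" passwords that are just the old one with the year bumped:

```python
import re
import unicodedata
from typing import List, Optional

# Constructed blocklist for this example; a real deployment would load a
# large list of breached and common passwords rather than this handful.
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "123456789", "qwerty",
    "letmein", "welcome", "admin", "iloveyou", "monkey",
}

# Undo the substitutions people use to dress up a dictionary word, so that
# "P@ssw0rd!" is still recognised as "password" by the blocklist check.
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t"})

CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def normalize(password: str) -> str:
    """Canonical form used for the blocklist and password-reuse comparisons."""
    pw = unicodedata.normalize("NFKC", password).lower()
    # Drop trailing digits and punctuation appended to satisfy complexity rules
    # or to "rotate" a password ("Winter2024!" -> "winter").
    pw = re.sub(r"[\W\d_]+$", "", pw)
    return pw.translate(LEET_MAP)


def check_password(password: str, username: str = "", min_length: int = 8,
                   min_classes: int = 3, old_password: Optional[str] = None) -> List[str]:
    """Return the policy violations for `password`; an empty list means it is acceptable."""
    problems: List[str] = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = sum(bool(re.search(pattern, password)) for pattern in CHARACTER_CLASSES)
    if classes < min_classes:
        problems.append(f"uses {classes} character class(es), policy requires {min_classes}")
    canonical = normalize(password)
    if password.lower() in COMMON_PASSWORDS or canonical in COMMON_PASSWORDS:
        problems.append("is a common password (even after undoing leetspeak and suffixes)")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    if old_password is not None and normalize(old_password) == canonical:
        problems.append("is the previous password with only trivial changes")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "P@ssw0rd!", "Staple-Horse-Battery-4"):
        verdict = check_password(candidate, username="jsmith")
        print(f"{candidate!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

The normalization step is what makes the blocklist useful: "P@ssw0rd!" satisfies every character-class rule yet is rejected as "password", and "Winter2024!" is rejected when the old password was "Winter2023!".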
A single cracked password can be disastrous. Money, credibility, reputation, sensitive data and competitive advantages can be instantly lost or damaged. Creating strong, unique passwords, regularly changing these passwords, and controlling access will make your organization much more secure. Call Atlantic-IT.net, your outsourced IT department, if you need help developing, implementing or updating your organization’s password policy.
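The monitoring recommendation above, as an added example that is not part of the original article or of Atlantic-IT.net's service: a small detector run over OpenSSH authentication log lines. The log lines, host names, user names and IP addresses are constructed for the example (documentation address ranges); the list of departed users stands in for whatever HR or the directory would supply. Any attempt against a former employee's account is flagged, a successful one is treated as critical because it means the account was never disabled, and repeated failures from one address are flagged as password guessing:

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Set

# OpenSSH authentication messages as written to auth.log or the journal.
SSHD_AUTH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample log for this example (fictional hosts and users, documentation IP ranges).
SAMPLE_LOG = [
    "Apr 14 02:13:07 vpn01 sshd[2101]: Failed password for jdoe from 203.0.113.7 port 51522 ssh2",
    "Apr 14 02:13:11 vpn01 sshd[2101]: Failed password for jdoe from 203.0.113.7 port 51522 ssh2",
    "Apr 14 02:13:15 vpn01 sshd[2103]: Accepted publickey for asmith from 198.51.100.4 port 44021 ssh2: RSA SHA256:abc",
    "Apr 14 02:14:02 vpn01 sshd[2110]: Failed password for invalid user jdoe from 203.0.113.7 port 51530 ssh2",
    "Apr 14 02:15:40 vpn01 sshd[2120]: Accepted password for bwayne from 203.0.113.9 port 51600 ssh2",
    "Apr 14 02:16:00 vpn01 sshd[2125]: Connection closed by 203.0.113.7 port 51610 [preauth]",
    "Apr 14 02:16:30 vpn01 sshd[2130]: Failed password for root from 203.0.113.7 port 51622 ssh2",
]

# Accounts that should no longer be usable (in practice fed from HR or the directory).
DEPARTED_USERS: Set[str] = {"jdoe", "bwayne"}


def parse_auth_line(line: str) -> Optional[Dict[str, str]]:
    """Extract result, method, user and source IP from one sshd line; None if it is not an auth event."""
    m = SSHD_AUTH_RE.match(line)
    return m.groupdict() if m else None


def find_suspicious_logins(lines: Iterable[str], departed: Set[str],
                           fail_threshold: int = 3) -> List[Dict[str, str]]:
    """Flag logins against departed accounts and repeated failures from a single address."""
    alerts: List[Dict[str, str]] = []
    failures_by_ip: Counter = Counter()
    for line in lines:
        event = parse_auth_line(line)
        if event is None:
            continue
        if event["user"] in departed:
            accepted = event["result"] == "Accepted"
            alerts.append({
                "severity": "CRITICAL" if accepted else "HIGH",
                "user": event["user"], "ip": event["ip"], "time": event["ts"],
                "reason": ("former employee account still accepts logins" if accepted
                           else "login attempt against former employee account"),
            })
        if event["result"] == "Failed":
            failures_by_ip[event["ip"]] += 1
    for ip, count in failures_by_ip.items():
        if count >= fail_threshold:
            alerts.append({"severity": "MEDIUM", "user": "", "ip": ip, "time": "",
                           "reason": f"{count} failed logins from one address (password guessing)"})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_LOG, DEPARTED_USERS):
        print(f"[{alert['severity']}] {alert['ip']} {alert['user']}: {alert['reason']}")
```

On the sample log this yields three HIGH alerts for jdoe, one CRITICAL alert because bwayne's account still accepted a password, and one MEDIUM alert for the address that failed four times. The "invalid user" form is matched deliberately: once an account is deleted, attempts against it still show up in the log, which is exactly the signal you want to keep watching for.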