In the past, computer password protocols and protections left a lot to be desired. For example, computer users would often write down their password manually next to their workstation. If a manager asked them to change their password, they’d just swap out one digit or add one character. Despite information technology managers’ best efforts, these lax practices stymied attempts to stay safe from the clutches of cyber attackers. Needless to say, this kind of behavior won’t cut it in our current online landscape.
Current password philosophy dictates that employees create passwords that are uncrackable by human hackers and tougher for machines to decipher. Not sure where to start on overhauling your password best practices? This one-stop guide will help users to adopt strong password protocols for all login situations.
Long Passwords or Pass Phrases Are Better
Longer passwords are harder to crack than short passwords, even if those shorter passwords are very complex. For example, a brute-force password guessing computer program might need weeks to guess an 8-character collection of letters, numbers, and symbols. The same program might never guess a 20-character passphrase that combines common words in a sentence. Long story short: Length increases the strength of a password exponentially.
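An added example (not part of the original article) that puts numbers on the length claim above: it compares the search space of a short complex password with longer ones, and shows that a word-based passphrase is best measured in words chosen at random rather than in characters. The sample word list, the test passwords, and the guess rate are constructed assumptions.

```python
import math
import secrets

# Constructed 16-word sample list (assumption). Real generators draw from
# thousands of words; the Diceware list has 7,776.
SAMPLE_WORDS = ["anchor", "breeze", "candle", "desert", "ember", "forest",
                "garden", "harbor", "island", "jungle", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pebble"]

def charset_size(password):
    """Pool of printable ASCII an attacker must cover for the classes used."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII symbols, including space
    return size

def brute_force_bits(password):
    """Entropy in bits if every character were chosen at random from the pool."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))

def passphrase_bits(n_words, wordlist_size):
    """Entropy in bits when the attacker guesses whole words, not characters."""
    return n_words * math.log2(wordlist_size)

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at a given guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def generate_passphrase(n_words, words=SAMPLE_WORDS):
    """Pick words with a CSPRNG; human-chosen sentences have far less entropy."""
    return " ".join(secrets.choice(words) for _ in range(n_words))

if __name__ == "__main__":
    rate = 1e10  # hypothetical offline guess rate, guesses per second
    for label, bits in [
        ("8 random printable chars", brute_force_bits("aB3$x9!q")),
        ("20 random lowercase chars", brute_force_bits("qzjvmrtkwpxhgnbdlcfy")),
        ("4 words from a 7,776-word list", passphrase_bits(4, 7776)),
        ("6 words from a 7,776-word list", passphrase_bits(6, 7776)),
    ]:
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits, rate):.3g} years")
    print("sample:", generate_passphrase(6))
```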
Use a Password Manager to Create and Store Long Passwords
Security experts routinely recommend using password managers to handle all the heavy lifting that a good password protocol requires. Password managers (also known as password vaults) store passwords and login credentials for multiple websites, no matter how long or varying. The user needs to remember only one set of login credentials to get into the password manager site.
Making sure you’re aware of all these tools and best practices is part of any effective cybersecurity education. As trends and insights emerge, employers should host training sessions for employees to make sure everyone’s on the same page.
Use Multi-Factor Authentication When It Is Available
Two- or multi-factor authentication (commonly called TFA or MFA) adds an additional layer of protection to a website’s login procedures. Some website users shun this protection because of the slightly more complex login procedures that it requires. But good password protocol suggests that multi-factor authentication should be embraced rather than shunned. With TFA, a user first enters a password that he or she knows. The system then sends a separate one-time code to the user’s phone or other mobile device that only the user can access. The user enters this one-time code to complete the login. A hacker who has the user’s password would only get through the first step, but would not receive the second code.
Stop Reusing Old Passwords
Old passwords are worthless. Switching repeatedly between one or two old passwords provides little protection against a data thief. Regardless of the length or complexity of a password, it should be used once and discarded. More than once, hackers have used technology tools to marry a password from an old account with a new login.
The best password protocols will go a long way toward protecting network users from cyber attacks, but they will not prevent them altogether. Hackers and data thieves are as aggressive in developing new hacking techniques as cyber security experts are in creating new defenses.
Organizations that store and maintain sensitive personal and financial information can further protect themselves from password failures with cyber security insurance. Let’s say your efforts at ramping up your password protocol fail and you become the victim of a cyber attack. An insurance policy would insulate you against large financial loss and liability in the aftermath.
But, as any good manager knows, an ounce of prevention is worth a pound of cure. Beefing up your password from the outset is the best way to keep hackers out.