Password Security

As more of us work remotely, the importance of password security has never been more relevant. All that remotely accessible data means that security vulnerabilities are on the rise, and it is up to you to protect your information. 

Attacks by cybercriminals have been increasing in recent years and are taking a toll on businesses. The increased security risks, and many of the attacks to come, will likely be due to the theft of login credentials.

Cybercriminals can use tools like advanced software and databases to get access to your password-protected accounts. 

Numerous password breaches have been reported in large, popular online services, such as LinkedIn, Facebook and eBay, as well as many others. Millions of users’ records have been leaked online for all to see. This means that every password that could potentially be used on these services has also been compromised. 

However, smaller businesses are hacked on a more regular basis, often due to the lack of security measures in place. These organisations tend to have the opinion that “it won’t happen to us.” Unfortunately, in these scenarios, it is often a breach that causes a change in mindset, with tighter security measures being implemented post-attack, instead of having the protection in place pre-attack. 

But how do you maximise your organisation’s password security to avoid becoming a victim of such cyberattacks? Following these 5 simple steps will help improve the password security measures in your organisation.

 

Use a Password Management Tool

If you are using different passwords for different login platforms (which is highly recommended), it is unlikely you are going to be able to reliably recall each individual one. As passwords become stronger, they become harder to memorise, so they need to be recorded in some way.

People commonly, and potentially worryingly, use a variety of methods to store their passwords. These include files such as Word documents and Excel spreadsheets, but also handwritten Post-it notes.

By installing a password manager on your device, you will be able to manage all your passwords much more easily without getting confused. This way, it is also harder for others to get in. 

Password tools not only allow you to store your business-required passwords securely, but they also allow your users to save their own personal password details in their private folders. These folders are only available to them, whilst other folders can be approved for access by specific teams or colleagues.

Do Not Reuse and Recycle Passwords

Many people are tempted to use the same password repeatedly, but this leaves them vulnerable. If someone were to breach one of the websites you visit, they would have access to your other accounts too, meaning that your data could be compromised.

“Credential stuffing” is when hackers use software or bots to try to log into multiple user accounts simultaneously, using different IP addresses. They test every username and password in the leaked database to check whether it also works on other websites.

One of the most effective ways to prevent your accounts from being hacked is to use a different, unique password for every site and service. It can be hard at times to remember the passwords to all the different sites you have an account on, which is why we recommend using a password management tool. 
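Because credential stuffing is spread across many IP addresses, a per-address lockout rarely triggers; what stands out is many different accounts failing in a short time. The following is an added example, not part of the original article, of that detection over constructed login events. The event layout, thresholds and function names are assumptions.

```python
from collections import defaultdict


def sample_events():
    """Constructed login events: (unix_time, source_ip, username, success)."""
    # 40 accounts tried once each, spread over 20 addresses (2 failures per IP).
    events = [(1000 + i, f"203.0.113.{i % 20 + 1}", f"user{i}", False)
              for i in range(40)]
    events.append((1041, "203.0.113.5", "user40", True))  # one reused password worked
    # An ordinary user mistyping a password three times, then succeeding.
    events += [(5000 + i, "198.51.100.7", "alice", False) for i in range(3)]
    events.append((5003, "198.51.100.7", "alice", True))
    return events


def stuffing_windows(events, window=300, min_accounts=20, max_success_ratio=0.1):
    """Flag time windows where many distinct accounts fail, whatever the source IP."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // window].append((ip, user, ok))

    alerts = []
    for bucket, rows in sorted(buckets.items()):
        failed_users = {user for _, user, ok in rows if not ok}
        failures_per_ip = defaultdict(int)
        for ip, _, ok in rows:
            if not ok:
                failures_per_ip[ip] += 1
        success_ratio = sum(ok for _, _, ok in rows) / len(rows)
        if len(failed_users) >= min_accounts and success_ratio <= max_success_ratio:
            alerts.append({
                "window_start": bucket * window,
                "accounts_failed": len(failed_users),
                "source_ips": len(failures_per_ip),
                "max_failures_per_ip": max(failures_per_ip.values()),
                # Logins that succeeded during the burst: force a password reset.
                "accounts_to_reset": sorted(u for _, u, ok in rows if ok),
            })
    return alerts


if __name__ == "__main__":
    for alert in stuffing_windows(sample_events()):
        print(alert)
```

In the sample, no address exceeds two failures, so a typical five-attempt lockout per IP would see nothing, while the window-level view flags 40 failed accounts and the one account that needs a reset.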

Use Two Factor Authentication (2FA) or Multi-Factor Authentication (MFA)

Protecting your accounts is often a challenge. One of the most effective ways of doing so is by using Multi-Factor Authentication. Having a multi-factor authentication process in place helps to ensure a greater level of security and reduces the likelihood of account takeover.

MFA has been a particularly effective way to secure your accounts and stay safe from various cyber-attacks. It can be great for remote working as well. Adaptive Threat Multi-Factor Authentication will take your location and devices into account when it comes to access decisions. For example, if the request is coming in from outside of your network, then it can automatically restrict or block access. 

It is true that text messaging as a form of 2FA has gained in popularity in recent times. However, there are other more cost-effective and more secure options, such as traditional MFA keys or third-party authenticators.

Third-party authenticator applications, such as Microsoft Authenticator, Google Authenticator and Authy, enable two-factor authentication in another way. They normally work by displaying a randomly generated code that is frequently refreshed, which the user enters instead of receiving an SMS or utilising an alternative method. One of the best things about using these types of apps is that they can work offline too.

Create a Complex Password

Choosing the right password is difficult. If your account gets hacked, chances are you will suffer profound consequences. Therefore, it is important to use a creative and strong password that minimizes the chance of a compromise. 

If you are using a password manager, like LastPass, it can generate a strong password for you and store it. That way your passwords are always secure and unique. 

If you would like to make your own password, avoid frequently used words and phrases, as well as any repetitive combinations. You should also avoid using your name, a nickname, or anything that too many people know about you. A longer password with at least 11 characters, including upper- and lower-case letters, numbers, and other symbols is a good idea. 

Don’t Change Passwords Regularly

It was once advised to change passwords regularly, but it now appears that regular password changes can do more harm than good. Many systems make their users update their passwords every 30, 60, or 90 days. 

It is known that when users are forced to change their password often, they tend to use minor variations on the previous one, for example ‘golfbuggy13’ to ‘golfbuggy136’. One potential issue with this is that if the previous password was compromised, hackers will be able to work out the new password as well. The new password could also simply be guessed, so it might not be the best idea to base it on a previous password that can easily be deciphered.

We understand the importance of changing your password when it is no longer secure. All users should change their passwords as soon as they know their account has been compromised. 

Updated Training on Security

As the threat landscape changes and people’s work situations change, it can be hard to keep up with what you need to do to stay safe. As the technology we use advances, it is especially important for you and your team to keep up with password security best practices so that your privacy stays protected. 

By implementing stronger password policies for your staff, giving them the tools to manage their passwords securely, and educating them about the potential dangers of weak security, your overall security will be far stronger.

To learn more about our Security solutions, get in touch with one of our IT experts.
