[Tips & Tricks] Best Practices for Password Management




First, I want to provide you with some statistics from the 2019 State of Password and Authentication Security Behaviors Report, which compiled the results from a survey of 1,761 IT and IT security practitioners:

  • 69% share passwords with colleagues to access accounts.
  • 51% reuse passwords across their business and personal accounts.
  • 57% who have experienced a phishing attack did not change their password behaviors.
  • 67% do not use any form of two-factor authentication in their personal life, and 55% do not use it at work.
  • 57% expressed a preference for a login method that does not involve the use of passwords.

In 2018, Verizon reported via its annual Data Breach Investigations Report (DBIR) that 81% of hacking-related data breaches were the result of weak or stolen passwords.

Businesses must accept that a strong password policy is the best line of defense against unauthorized access to their critical infrastructure, at least for now.

Obviously, appropriate password management is the key to securing company data. It is also important to stay informed: some practices long considered best practice, such as forcing employees to change passwords periodically, may not be as helpful as you think.

To get started, I’m going to discuss some of the password policies and best practices that every organization should consider implementing.


1. Using the same password for all important online services

It is crucial to use a different password for each platform to stay safe. Reusing the same password makes a hacker's job easier: once that password leaks from one service, it unlocks every other account that shares it.


2. Using old passwords or pins to secure new services

Always avoid reusing an old password when setting up a new account. Hackers can obtain lists of previously used passwords from the darknet whenever a breached database is leaked.


3. Storing passwords on online docs

After you have set a new password, never store it as a simple text document as a draft in your email or anywhere online.


4. Saving passwords on internet browsers so that you don’t have to remember them

Always avoid saving passwords in Chrome or any other browser, or allowing the browser to remember them. This leaves all your passwords exposed if you visit a malicious website or there is malware on your system.


5. Not using two/multi-factor authentication makes your profile vulnerable

Two/multi-factor authentication offers an extra layer of security and makes it harder for hackers.


6. Use Passphrases not Passwords

The longer your passphrase, the harder it is to crack. Most password cracking tools break down at around 10 characters. A passphrase should be longer than 10 characters and therefore cannot practically be cracked by brute force.


7. Using birth dates, anniversaries or any other types of dates as your password

Always avoid using any important dates as passwords or pins as these can be easily guessed. For example, if your birthday is on 13 Feb, don’t use 1302 or 0213 as pins.


8. Using any type of names as passwords

Avoid using names of cars, planes, famous people, friends, etc. as passwords. Names are easy to guess, and using them is one of the most common mistakes.


9. Using any phone numbers as passwords

Using phone numbers as passwords is the most common mistake people make.


10. Not changing passwords frequently makes your profile vulnerable

If you don’t change your passwords occasionally, you remain vulnerable to hacks.


11. Test Your Password

Make sure your password is strong by testing it with an online testing tool.


This is the advice that continues to be repeated by some of the foremost IT service experts. A "good" password policy dictates:

  • A minimum length of 8 to 12 characters, with long passphrases being even better
  • Password complexity, meaning the password contains at least three different character sets (e.g., uppercase characters, lowercase characters, numbers, or symbols)
  • Password rotation – passwords must be changed every 90 days or less
  • Use of account lockouts for bad passwords, with a limit of 5 or fewer bad attempts
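As an added example (not from the original post or from ADSelfService Plus), the checker below applies the policy points above together with the date, phone number and name rules from tips 7 to 9, and does so locally, so a candidate password never has to be typed into a third-party website. The 12-character minimum, the three-of-four character sets and the small blocked-word list are assumed values chosen for illustration.

```python
import re

# Constructed blocklist of names and common words; a real deployment would load a far larger dictionary.
BLOCKED_WORDS = {"ferrari", "boeing", "einstein", "password", "welcome"}

def char_classes(pw: str) -> int:
    """Count how many of the four character sets (upper, lower, digit, symbol) the password uses."""
    tests = (str.isupper, str.islower, str.isdigit,
             lambda c: not c.isalnum() and not c.isspace())
    return sum(any(t(c) for c in pw) for t in tests)

def has_date_pattern(pw: str) -> bool:
    """True if any 4-digit window reads as DDMM or MMDD, e.g. 1302 or 0213 for 13 Feb."""
    for run in re.findall(r"\d{4,}", pw):
        for i in range(len(run) - 3):
            a, b = int(run[i:i + 2]), int(run[i + 2:i + 4])
            if (1 <= a <= 31 and 1 <= b <= 12) or (1 <= a <= 12 and 1 <= b <= 31):
                return True
    return False

def has_phone_pattern(pw: str) -> bool:
    """True if the password contains a run of 7 or more digits (phone-number length)."""
    return re.search(r"\d{7,}", pw) is not None

def contains_blocked_word(pw: str) -> bool:
    """True if any blocklisted name or word appears, case-insensitively."""
    low = pw.lower()
    return any(word in low for word in BLOCKED_WORDS)

def check_password(pw: str, min_len: int = 12, min_classes: int = 3) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if char_classes(pw) < min_classes:
        problems.append(f"fewer than {min_classes} character sets")
    if has_date_pattern(pw):
        problems.append("contains a date-like digit sequence")
    if has_phone_pattern(pw):
        problems.append("contains a phone-number-like digit run")
    if contains_blocked_word(pw):
        problems.append("contains a name or common word")
    return problems

if __name__ == "__main__":
    for candidate in ("Ferrari1302", "Correct-Horse-Battery-42!"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The rotation and lockout rules are enforced by the account system rather than by a strength check, so they are intentionally left out of this block.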


Final Thoughts on Improving Password Security:

Passwords and PINs still secure all digital services, be it email, social media, banking, e-commerce apps or others. While secondary methods of authentication like biometrics and two-factor have developed, we are still largely left using passwords for almost everything we do digitally.

Passwords have changed only slightly over time and regularly crafting stronger passwords (plus having to remember them) can be a real pain. But taking the time to create stronger passwords is undoubtedly less of a hassle than dealing with the fallout of being hacked.

With the best practices I have provided in this blog, you can create an effective password security policy and provide stronger protection against unauthorized access in your organization.

In today's world, password management is evolving considerably, and password managers represent one of the safest solutions for safeguarding your authentication information.

Download our Password Manager Pro solution to store, manage and safeguard sensitive information such as passwords, documents and digital identities of your business.

You might want to check our previous tip and trick on Configuring SAML with Azure AD.
