Passwords remain one of the most critical security controls in use around the world today to protect companies' infrastructure and data. Passwords have been around for many years and, for many companies, will continue to be the difference between a secure infrastructure and a potential cyber catastrophe.
2016 was an extremely busy year for cyber crime, with more than 3 billion credentials and passwords stolen and disclosed on the internet. This means almost every internet-connected user was impacted by cyber crime in 2016. That's 95 passwords stolen every second, or 8.2 million credentials and passwords each day.
The Internet of Things, a growing rate of Internet-connected users, and the acceleration of social logins, social networking, and online services are causing the use of passwords to accelerate significantly. With approximately 90 billion passwords in use today, this is expected to grow to around 300 billion passwords by 2020. Passwords are definitely not dead and are not expected to go away anytime soon.
It is important to stay up-to-date with the latest news and password best practices. Together with Cybersecurity Ventures we have launched PASSWORD NEWS to keep you updated with all the latest security issues, password breaches, and password best practices to keep one step ahead of cyber criminals.
Below are 9 easy steps to get in control and keep passwords strong and secure. People are hard to teach and hard to retrain out of shortcut habits. Let us help you educate.
These are the 9 steps to start your year off right with password security company-wide. And we put them together in an easy-to-remember acronym: GET STRONG.
1. Go with encryption: Passwords cannot be left in plain text ever and especially not in an Excel document. Always store passwords with encryption.
2. Escape complexity: Focus on teaching your end users to use longer and more easily remembered passwords, like password phrases. Don’t let them get bogged down with having to remember special character requirements.
3. Teach employees: Continued training is critical and is the most important step to your policy being implemented. Make sure your users understand their role, prepare quarterly reviews, and make it fun with incentives.
4. Size matters: The longer the password, the harder it is for the hacker to break. It's simple: make human passwords at least 8 characters long and system passwords 12-50 characters.
5. Trust no one: 2-factor is a must! No matter the size of your organization, there are two-factor options like RADIUS tokens, DUO, or Google Authenticator.
6. Rotate often: Don't let human passwords go unchanged for more than 180 days. System passwords need to be changed every 30-90 days. Setting a reminder is essential to ensure they are rotated on time. Note: In order to do this, you must use a password manager. Forcing users to pick a new password themselves leads to things like patterns in passwords.
7. Omit duplicates: Use a unique password for each of your accounts. The same password should never be used more than once!
8. No cheating: Remembering a long password can be difficult, but don’t allow password hints. These just make it easier for hackers to get in.
9. Get a vault: Start using a trusted password manager to enforce strong password best practices. This way, users can always generate long and complex passwords, never have to remember all their passwords, and if you use a vault for your IT team, you can find one that automatically changes your admin passwords. When it comes to IT, automation is key to preventing a breach!
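Steps 4 through 7 can be checked mechanically. The following Python audit is an added example, not part of the original post or any vendor's product; the field names, the sample inventory, the use of 90 days as the system rotation limit, and applying the second-factor check only to human logins are assumptions.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict
from datetime import date

# Thresholds from steps 4 and 6: minimum length and maximum password age.
POLICY = {"human": {"min_len": 8, "max_age_days": 180},
          "system": {"min_len": 12, "max_age_days": 90}}

def fingerprint(secret, key):
    """Keyed digest: lets the audit compare passwords without storing plaintext."""
    return hmac.new(key, secret.encode("utf-8"), hashlib.sha256).hexdigest()

def audit(accounts, today):
    """Return {account name: [findings]} for accounts that break a rule."""
    key = secrets.token_bytes(32)  # fresh per run; fingerprints are useless afterwards
    findings, seen = defaultdict(list), defaultdict(list)
    for acct in accounts:
        rule = POLICY[acct["kind"]]
        if len(acct["secret"]) < rule["min_len"]:
            findings[acct["name"]].append("too short")
        if (today - acct["last_changed"]).days > rule["max_age_days"]:
            findings[acct["name"]].append("rotation overdue")
        # Assumption: the second-factor check applies to human logins only.
        if acct["kind"] == "human" and not acct["mfa"]:
            findings[acct["name"]].append("no second factor")
        seen[fingerprint(acct["secret"], key)].append(acct["name"])
    for names in seen.values():  # step 7: same password on more than one account
        if len(names) > 1:
            for name in names:
                findings[name].append("duplicate password")
    return dict(findings)

# Constructed sample inventory (not real accounts or passwords).
TODAY = date(2017, 1, 15)
SAMPLE = [
    {"name": "alice", "kind": "human", "secret": "correct horse battery staple",
     "last_changed": date(2016, 12, 1), "mfa": True},
    {"name": "bob", "kind": "human", "secret": "Summer16",
     "last_changed": date(2016, 5, 1), "mfa": False},
    {"name": "carol", "kind": "human", "secret": "quiet-river-lantern-42",
     "last_changed": date(2016, 11, 20), "mfa": True},
    {"name": "svc-backup", "kind": "system", "secret": "backup2016",
     "last_changed": date(2016, 12, 20), "mfa": False},
    {"name": "svc-deploy", "kind": "system", "secret": "correct horse battery staple",
     "last_changed": date(2016, 11, 1), "mfa": False},
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE, TODAY).items():
        print(f"{name}: {', '.join(issues)}")
```

In a real deployment this kind of check would run inside the password manager, where the secrets are already decrypted in memory, rather than against an exported list.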
Visit PASSWORD NEWS to never miss an important password announcement today!