Replacing Passwords with Passphrases
The most tempting passwords are the ones easiest to remember: “1234” or “password.” But their popularity makes them the most vulnerable to hacks. Using a phrase with multiple words will extend your character count and increase your security.
Consider using phrases like “Correct Horse Battery Staple”. It’s the example from this comic that beautifully illustrates the advantage of a passphrase.
Password Policy Guidelines for Business
10 Character Minimum
Use a mix of letters, numbers, capitals, and symbols. That said, you don’t need it to be so complex that you can’t remember it. The number of characters is more important than the mix of characters.
For just a touch of complexity, substitute a couple of letters with numbers and symbols. For example, use an @ for an “a”, a ! for an “i”, or a 3 for an “E” to create a phrase such as: @tL3astT3n!
Update Every 3-6 Months
Depending on the sensitivity of your data, you may need to update your passwords more often for security or even regulatory reasons.
No Repeating Passwords
Using a different password for each of your accounts creates layers in your security. If all your passwords are the same, one breach is actually one hundred. It only takes one domino tipping to knock down the rest.
Require Two-Factor Authentication
Two-factor authentication occurs when an application or service sends a verification code to your phone or email, after you’ve entered your login credentials. Then, you simply enter the code (which is usually short, 10 characters or less) and you’re logged in.
Password generators and storage
While a sticky note under your keyboard isn’t the worst form of password management, there are much more sophisticated and secure methods. Reputable vendors include 1Password, LastPass, and even Google Chrome.
When you use one of these applications, you only need to remember one “master” password. The application generates extremely complex passwords that you won’t remember and a computer couldn’t guess in 500 years, and it records them all for you to access when you sign in to your various accounts.
Our best practices still apply to your master password.
Your data security is worth the trouble.
Contact us at [email protected] for any questions on passwords and password management.