Password Best Practices and Password Policy





Replacing Passwords with Passphrases

The most tempting passwords are the ones easiest to remember: “1234” or “password.” But their popularity makes them the most vulnerable to hacks. Using a phrase with multiple words will extend your character count and increase your security.

Consider using phrases like “Correct Horse Battery Staple”. It’s the example from this comic that beautifully illustrates the advantage of a passphrase.

Password Policy Guidelines for Business

10 Character Minimum

Use a mix of letters, numbers, capitals, and symbols. That said, you don’t need it to be so complex that you can’t remember it. The number of characters is more important than the mix of characters.

For just a touch of complexity, substitute a couple of letters with numbers and symbols. For example, use an @ for an “a”, a ! for an “i”, or a 3 for an “E” to create a phrase such as: @tL3astT3n!

Update Every 3-6 Months

Depending on the sensitivity of your data, you may need to update your passwords more often for security or even regulatory reasons.

No Repeating Passwords

Using a different password for each of your accounts creates layers in your security. If all your passwords are the same, one breach is actually one hundred. It only takes one domino tipping to knock down the rest.
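The guidelines above can be enforced when a password is set. The following sketch is an added example, not part of the original article: the function names, the deny list beyond “1234” and “password”, the 180-day limit, and the PBKDF2 work factor are assumptions. The reuse check covers only what a single system can see, which is the account's own earlier passwords.

```python
import hashlib
import hmac
import secrets
from datetime import date, timedelta

MIN_LENGTH = 10                 # "10 Character Minimum"
MAX_AGE = timedelta(days=180)   # upper end of "every 3-6 months" (assumed ~6 months)
PBKDF2_ROUNDS = 210_000         # assumed work factor; tune for your hardware
# "1234" and "password" come from the article; the rest are constructed samples.
COMMON = {"1234", "password", "password123", "qwertyuiop", "1234567890"}


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted hash so a leaked history cannot be reversed cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def store(password: str) -> tuple[bytes, bytes]:
    """Return (salt, hash) for the history; the plaintext is never kept."""
    salt = secrets.token_bytes(16)
    return salt, _derive(password, salt)


def check_policy(candidate: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return the policy violations for a proposed password (empty = accepted)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    # Length alone is not enough: long but popular strings are still rejected.
    if candidate.lower() in COMMON:
        problems.append("common password")
    # Re-derive with each stored salt and compare in constant time.
    if any(hmac.compare_digest(_derive(candidate, s), h) for s, h in history):
        problems.append("previously used")
    return problems


def rotation_due(last_changed: date, today: date) -> bool:
    """True once the password is older than the rotation limit."""
    return today - last_changed > MAX_AGE


if __name__ == "__main__":
    history = [store("Correct Horse Battery Staple")]   # constructed sample history
    for pw in ["1234", "password123", "Correct Horse Battery Staple", "@tL3astT3n!"]:
        print(repr(pw), "->", check_policy(pw, history) or "accepted")
    print("rotation due:", rotation_due(date(2024, 1, 1), date(2024, 8, 1)))
```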

Require Two-Factor Authentication

Two-factor authentication occurs when an application or service sends a verification code to your phone or email after you’ve entered your login credentials. Then, you simply enter the code (which is usually short, 10 characters or less) and you’re logged in.

Password generators and storage

While a sticky note under your keyboard isn’t the worst form of password management, there are much more sophisticated and secure methods. Reputable vendors include 1Password, LastPass, and even Google Chrome.

When you use a password manager, you only need to remember one “master” password. The manager generates extremely complex passwords you won’t remember and a computer couldn’t guess in 500 years, and it records all these passwords for you to access when you sign in to various accounts.

Our best practices still apply to your master password.

Your data security is worth the trouble.

At first, this seems like a lot of hassle to fix something that isn’t broken. But weak passwords invite ransomware attacks and viruses that could bring your business to a screeching halt. 

Contact us at techsupport@omnistech.com for any questions on passwords and password management.
