Best Practices For Password Management
Passwords are the most common protective mechanism used by individuals and companies to protect their data and information. Needless to say, a significant cause of data breaches in organizations is stolen passwords. Hence, passwords must be protected and managed in the right way. Indeed, educating employees about the need to have strong, secure passwords can help a lot in avoiding corporate negligence leading to data theft. Mobile Computer Services, a managed IT company in Raleigh, talks about the best practices to ensure password protection.
1. Length Overrides Complexity
The US National Institute of Standards and Technology (NIST) recommends using long passphrases of up to 64 characters as passwords instead of limiting them to 8 or 12 characters. A passphrase is a set of connected or unconnected words that the user can remember as a picture. An example of a passphrase would be: “Yellow water jug, brown table runner & 1 potpourri v@se”. A passphrase should mix characters from the different character sets: numbers, uppercase and lowercase letters, and special characters. A passphrase guarantees both length and complexity and is more difficult to crack than a shorter password.
2. MFA
Many companies implement multi-factor authentication (MFA) to grant access. MFA requires the user to enter a one-time code sent to their mobile device in addition to the username and password to gain entry. Thus, even if the password is stolen, a hacker cannot get access to the company systems without the one-time password.
3. Password Managers
A password manager is software that generates and stores all the passwords a user needs to log in to various websites and applications. It can be considered a digital book where the user stores all their passwords, locked with a master password. This way, users do not have to write and store their passwords anywhere. The software automatically shows the stored password for each site when the user logs in and also generates strong passwords when new accounts are created. The master password must be strong to protect the user’s password data in case of theft, such as the recent data breach at the popular “LastPass Password Manager” company.
4. Password Audits
It is a good idea to conduct routine password audits to ensure employee compliance with the company’s password policies. The audit can also be used to educate employees about any changes in password policies and any recent data breaches across the world that they need to be aware of.
5. Use Biometrics
Biometrics can be used as a part of multi-factor authentication to grant access. Biometrics involves advanced security scanning mechanisms such as thumbprint, facial, or voice recognition to identify users. This mechanism guarantees that the password is indeed unique and requires the person’s presence to gain access.
6. Protect Privileged Accounts
Password access management software should be deployed for granting access to highly sensitive data. Passwords to such data should be injected into the system and not entered by typing to gain entry. Ideally, these passwords should be changed after every use.
7. Other Simple, Yet Effective Practices
- Each account should have a different password.
- Passwords should not be written and stored electronically or on paper where they can be easily accessed.
- Avoid using dictionary/real words as single-word passwords.
- Avoid using direct answers for password security questions.
- Password strength can be tested using an online testing tool.
- Mobile phones should be secured with biometrics or a strong password.
- Companies should change the passwords of, or remove access from, employees who leave.
- IT support can implement password encryption.
- Malware solutions should be updated.
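The checks from sections 1, 4 and 7 can be combined into a small audit script. The following is an added example, not code from Mobile Computer Services: the word list, account names and the short password are constructed, and it assumes the audit sees each password at the moment it is set.

```python
import math
import string

MAX_LEN = 64  # upper passphrase length the article cites from NIST
# Constructed stand-in for a real dictionary word list (assumption).
SAMPLE_WORDS = {"password", "sunshine", "welcome", "dragon"}
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation + " ",
}

def search_space_bits(pw):
    """log2 of the brute-force search space over the character classes used."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def audit(accounts):
    """Map each account name to the practices its password violates."""
    report = {}
    for account, pw in accounts.items():
        findings = []
        if len(pw) > MAX_LEN:
            findings.append("longer than 64 characters")
        missing = [name for name, chars in CLASSES.items()
                   if not any(c in chars for c in pw)]
        if missing:
            findings.append("missing " + ", ".join(missing))
        if pw.lower() in SAMPLE_WORDS:
            findings.append("single dictionary word")
        shared = sorted(a for a, p in accounts.items() if p == pw and a != account)
        if shared:
            findings.append("reused on " + ", ".join(shared))
        report[account] = findings
    return report

# Constructed sample accounts; "mail" uses the article's own example passphrase.
SAMPLE = {
    "mail": "Yellow water jug, brown table runner & 1 potpourri v@se",
    "vpn": "Xk9#mQ2!",
    "crm": "sunshine",
    "wiki": "sunshine",
}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE).items():
        print(f"{account}: {search_space_bits(SAMPLE[account]):.0f} bits, {findings or 'ok'}")
```

The bit count is an upper bound for character-by-character guessing and does not model word-list attacks on passphrases, so treat it as a comparison of length against complexity rather than a strength score.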
Why Mobile Computer Services?
Mobile Computer Services Inc. at Raleigh provides proactive data and network security for modern-day businesses. The experts at MCS will safeguard your company and its assets from the vulnerabilities of the internet, thereby leaving you with enough time and resources to focus on your business.
Get in touch with your security partner, Mobile Computer Services Inc., to avail of the best IT support and IT consulting services today at (919) 830-9448.