Top 10 Best Practices for Password Management

In 2016, Verizon announced that 63% of data breaches were the result of weak or stolen passwords. 93% of these breaches occurred in just minutes. Clearly, appropriate password management is key to securing company data.

And it’s important to stay informed; some practices that are considered best practices, such as forcing employees to change passwords periodically, may not be as helpful as you think.

If you employ a managed IT services consultant, they’ll be able to guide you in your password management protocol and help you pick a path that works for your company.

To get started for now, check out these ten tips for secure passwords below.

Use Passphrases not Passwords

Passphrases are a newer technique for keeping your accounts secure and harder to crack. Because of their longer character count, they are more difficult for password-cracking software to break than the typical one-word-plus-numbers password formula.

Passphrases contain spaces between words and can function as a sentence or as a string of randomized letters. A passphrase doesn’t have to be grammatically correct and can contain punctuation, unorthodox capitalization, and symbols.

If increasingly complex passwords are difficult for your employees to create or remember, passphrases are often easier for most people. Choosing a catchy phrase or a running office joke makes one even easier to remember. Base your passphrase on your company culture and your employees shouldn’t find it hard to remember.

The longer your passphrase, the harder it is to crack. Most password-cracking tools break down at around 10 characters. Most passphrases are longer than 10 characters and therefore can’t be cracked by brute force.

Mix It Up

Are you the employee at your office with the password “Passw03d”? Don’t be that person. Don’t make your passphrase obvious; be sure to mix it up.

If you base your passphrase on your company values or mission statement, it’ll be much easier to crack than a randomized string of words. For example, “horse eats bear for dessert” is memorable, bizarre, and much harder to crack than “Go Swift Systems!”

When using special characters or punctuation in your passphrase, don’t group the symbols together. Adding “1234” at the end of your sentence makes it much easier to crack than mixing numbers throughout the phrase. Spread symbols, punctuation, and numbers through your passphrase, at the beginning, in the middle, and at the end, to avoid grouping and get the most security out of them.

Forget the Mandatory Password Changes

Mandatory password changes are a great idea on paper, until you realize that very few employees actually change their passwords. Oftentimes this is because they’ve had a hard time learning their current password and don’t want to spend the time re-learning a new one. To get around any password-changing requirements, people will add in a single letter, add a little bit of new punctuation, or repeat their old password with different capitalization.

This results in a series of slightly-changed, insecure passwords. It’s much more effective to create one long passphrase that is complex, secure, and easy for your employees to remember than it is to create a constant stream of mediocre passwords.

Don’t Repeat

As we’ve said before, passwords are tough to remember. It’s very easy to want to repeat the same password for your email, work email, laptop, and secure connections. By this point your password is muscle memory, which can make it easy to switch between platforms.

But what happens when your password is stolen? If you have a single password for multiple accounts, you’ll have an outsider reading your personal and work email, logging into your bank accounts, and wreaking havoc on your workplace security – all with one piece of data. It’s bad news all around.

You can avoid this nightmare scenario by creating a different password (or passphrase) for each account. Don’t hand your account data over to hackers. By crafting an entirely new passphrase for each of your platforms, you’ll be greatly hindering their progress and possibly blocking them out of some platforms entirely.

Create a Password Blacklist

Dictionary words. Keyboard groupings. The infamous “Password” or “Password1.” Don’t do it.

A password blacklist can be created by your company and handed out to all employees. The blacklist is an important part of password management and helps your employees choose secure passwords that are tough to crack. “Qwerty” may seem secure because it isn’t a word, but it’s a common choice for people who want a password that’s fast to type and easy to remember.

When choosing a password, you don’t want something that’s common. The more bizarre and symbol-filled your password is, the more secure it will be.
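The rules from the “Mix It Up” and “Create a Password Blacklist” sections, plus the “longer than 10 characters” guidance above, can be enforced automatically at password-set time rather than left to memory. The checker below is an added example, not code from the original article or from Swift Systems; the blacklist and the sample passwords in the comments are constructed from the article’s own examples, and a real deployment would load a far larger breached-password list.

```python
import re

# Constructed sample blacklist built from the article's examples.
BLACKLIST = {"password", "password1", "passw03d", "qwerty", "letmein", "123456"}

# Keyboard rows, so runs like "qwerty", "asdf" or "1234" are caught even when
# the full password is not on the blacklist verbatim.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

MIN_LENGTH = 11  # the article's "longer than 10 characters"


def keyboard_run(pw: str, n: int = 4) -> bool:
    """True if pw contains n or more consecutive keys from one keyboard row
    (forwards or backwards), case-insensitively."""
    low = pw.lower()
    for row in KEYBOARD_ROWS + tuple(r[::-1] for r in KEYBOARD_ROWS):
        for i in range(len(row) - n + 1):
            if row[i:i + n] in low:
                return True
    return False


def grouped_digits_or_symbols(pw: str) -> bool:
    """True when every digit/symbol sits in one clump at the start or the end,
    e.g. 'correct horse 1234' (flagged) versus 'Passw03d' (digits mixed in)."""
    specials = [i for i, c in enumerate(pw) if not (c.isalpha() or c == " ")]
    if len(specials) < 2:
        return False
    contiguous = specials[-1] - specials[0] == len(specials) - 1
    at_edge = specials[0] == 0 or specials[-1] == len(pw) - 1
    return contiguous and at_edge


def check_password(pw: str) -> list[str]:
    """Return the list of policy violations; an empty list means pw passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Strip digits/symbols and lowercase so "Password1!" still matches "password".
    core = re.sub(r"[^a-z]", "", pw.lower())
    if pw.lower() in BLACKLIST or core in BLACKLIST:
        problems.append("on the blacklist")
    if keyboard_run(pw):
        problems.append("contains a keyboard run such as 'qwerty' or '1234'")
    if grouped_digits_or_symbols(pw):
        problems.append("digits/symbols are clumped at one end")
    return problems
```

Run `check_password("horse eats bear for dessert")` and it returns an empty list, while `check_password("Password1")` reports both the length and the blacklist hit.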

Step Up your Employee Authentication Protocol

Two-step employee authentication is a great way to step up your password management. When you only require a username and a password for logins, it’s relatively easy for hackers to crack open your account. However, two-step verification adds another level of security that isn’t as easy to crack.

You’ve probably encountered two-factor authentication at some point. Have you ever signed into your email account, only to have it text you a code that you then have to enter? That is two-step authentication. It’s a way for software to confirm who you are by using contact information you entered earlier to reach you through a different channel.

If you ever receive a text code to access an account, but you weren’t the one who asked for it, you’ll know that someone is trying to access your information without your permission. If someone has your username and password, the second form of verification should stop them from getting access.

You can also up your security authentication with more cutting-edge and secure methods. Biometrics is a completely personalized way for you—and only you—to access your account. You may have seen some of these methods in James Bond movies, or in the latest cell phones. Biometric security includes iris scans, fingerprints, and voice ID. This is a great way to ensure that only something as unique as your iris or fingerprint will allow access into the account.

However, biometrics works best (as do most security measures) in combination with a username and password or other form of authentication. They can still be hacked, and multi-factor authentication can lower that likelihood.

Add Extra Security to your C-Suite

Not everyone in your company handles sensitive information. It’s important that you use the right security measures for the position. C-suite executive positions require more password management than an intern’s position does. Naturally, executive staff handle more sensitive information and therefore need more secure passwords.

Multi-factor authentication can be expensive—especially if you’re using biometrics. Spend your money wisely by applying biometrics to upper management and other mission critical roles while encouraging the rest of your staff to use password management best practices.

Don’t Skimp on Employee Training

Employee training is extremely important when it comes to cybersecurity. You want your staff to be able to recognize phishing emails and understand how to craft the best password possible. If multi-factor authentication isn’t in your password management budget, then put what is in the budget toward employee training.

Since most hacking attempts target employees, it pays to appropriately train them on how to recognize potential attacks and what type of passwords are strongest. Many may not know the dangers of sacrificing security for easier password management.

Look into Password Management Software

Password management software is a great tool to keep your passwords secure and help employees remember passwords. However, like most things, password management software can be hacked.

According to PCWorld, “a password manager is an app that remembers your passwords for you and stores them in an encrypted vault. One master password unlocks the vault when you need to retrieve a password or create a new one.”

Think of password management software as the sticky note full of passwords that you usually keep stuck to your computer or in your Rolodex, only much, much more secure.

Ask a Consultant

Password management is not something to take chances with. A professional consultation with an experienced IT company will help you figure out the best way to protect your company information and keep your employees up to date.

Are you playing the odds with system security and not sure where you stand on password management? Swift Systems’ IT consultations can help guide you in the right direction. With 20 years of experience and a success record of increased reliability for mid-market businesses, our managed IT services can guide you through password management issues and help you secure your mission-critical data.

Don’t take chances. Take the first step toward stress-free IT and contact Swift Systems today.
