How good is your password?

Did you know that having a weak password is one of the biggest security risks you face? This blog focuses on the best practices related to passwords that you can follow to ensure passwords are not your weakest link.

1. Avoid sequences and repetitions: How many times have you used passwords like dollar12345 or $$$BobMckinley. Passwords containing sequences and repetitions are just easier to hack.
2. Avoid using your personal data or that of your family: Do not make birth dates, anniversaries, bank account numbers or addresses a part of your password. It puts your data at stake if your personal information is stolen.
3. Don’t repeat passwords: Make sure you pick unique passwords every time. Unique, not only verbatim, but also in combination. For example, if password one is a combination of number, symbols and letters in that sequence, password two should be letters, numbers and symbols.
4. Manual password management is difficult to keep secure: Invest in a good password management tool. But, manually managing passwords, by writing them down on a spreadsheet is a big NO unless you know how to encrypt and protect the file from compromised access.
5. Password sharing: Discourage password sharing across the organization. Every employee should have unique access to data depending on their role and authority. Password sharing gets things done faster, but can cause irreversible damage.
6. Password policy: Have a password policy in place and enforce it. Automated controls prevent employees from skirting requirements. Consider audits and darkweb scans to ensure compliance and address potential risks before they take root. Also, take corrective actions against employees who don’t follow your password policies related to password sharing, setting, etc.
7. Don’t use dictionary words: Hacking software programs can guess dictionary words faster. The key is to mix things up a little bit–some numbers, some symbols, some punctuation and some alphabets–not necessarily in expected places, such as caps at the start of words.
8. Make passwords a minimum of twelve characters. String together random short words and replace the letters with random caps, numbers and symbols.
9. Beware using publicly available information to answer security questions. Cybercriminals check company web pages, social media accounts and other public sources to collect this info.
10. Don’t access secure accounts from public or shared devices. If you don’t know the security status of the equipment you’re using, don’t type your credentials!
11. Change passwords periodically. The more important the data being protected, the more frequently it should be changed!

Don’t choose passwords that are way too simple just because they are easier to remember, because, more often than not, it can get you into a lot of trouble. By using a password manager or building your own from random words, you can create unique, strong passwords.