Weak passwords play a part in over 80% of hacking-related breaches. Paying attention to your end users’ password management, including how they create, store and share passwords, is a necessary part of keeping your organization secure. Share these five tips with your users to help them become better digital citizens:
1. Use long passwords made up of random characters
Longer passwords are more secure than shorter ones. They’re tougher to crack in a brute-force attack, even with the high computing power of current machines.
Setting guidelines for password length and special character requirements can help your users create stronger passwords. NIST recommends using a minimum of eight characters, preferably ones that don’t spell out someone’s name, a birthday or a pet’s name. Easy-to-remember passwords like these are also typically easy to guess, either through social engineering or because they’re so commonly used. Encourage your team to use the first letters of song lyrics or a password generator tool to create more complex passwords.
2. Create a password policy
Bring this practice to your organization by encouraging your users to check for breaches to find passwords that need to be updated immediately. When updating passwords, make sure your team changes their passwords to completely new ones instead of modifying the originals.
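The guidance in tips 1 and 2 can be enforced at password-change time. The sketch below is an added example, not code from HacWare or any tool named in this article; the function names, the 94-symbol alphabet and the 0.6 similarity threshold are assumptions chosen for illustration.

```python
import math
import secrets
import string
from difflib import SequenceMatcher

MIN_LENGTH = 8  # minimum length cited in tip 1
# Assumed alphabet: 94 printable ASCII symbols (letters, digits, punctuation).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
SIMILARITY_LIMIT = 0.6  # assumed threshold, not taken from the article


def generate_password(length=16):
    """Random password drawn from the OS CSPRNG, as a generator tool would."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def brute_force_bits(length, alphabet_size=len(ALPHABET)):
    """Size of the search space, in bits, for a fully random password."""
    return length * math.log2(alphabet_size)


def check_new_password(new, old="", personal=()):
    """Return the reasons `new` breaks the guidance (empty list = accepted).

    `old` is the password being replaced, which the user supplies during a
    change; `personal` holds names, pet names or birthdays to reject.
    """
    problems = []
    lowered = new.lower()
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    # Ignore one- and two-character items so initials do not match everything.
    if any(len(p) >= 3 and p.lower() in lowered for p in personal):
        problems.append("contains personal detail")
    # A high similarity ratio means the user only tweaked the original.
    if old and SequenceMatcher(None, old.lower(), lowered).ratio() >= SIMILARITY_LIMIT:
        problems.append("modification of old password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_new_password("Summer2024!", old="Summer2023!"))
    print(check_new_password("Rex2015!", personal=("Rex", "2015")))
    print(round(brute_force_bits(8), 1), round(brute_force_bits(16), 1))
    print(generate_password())
```

Each extra random character adds about 6.55 bits here, so a 16-character password has twice the bits of an 8-character one, which squares the number of guesses a brute-force attack must cover.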
3. Use MFA when available
Multi-Factor Authentication (MFA) is an authentication process where more than one credential is used to verify a user’s identity. According to Microsoft, MFA can block over 99.9% of account compromise attacks.
Add this layer of security to your accounts whenever it’s offered. Whether you’re using an authentication email, text or FaceID, you’re adding to your account’s security by adding the extra step.
4. Use a password management tool to store passwords securely
Popular password managers like LastPass or 1Password can help you safely and securely store passwords and other sensitive information. They can also help secure your accounts by generating complex passwords and auto-filling password fields so you only need to remember a single password.
Learn the best practices for using LastPass to securely manage your team’s passwords.
5. Share passwords and security credentials safely
Sharing passwords online is not ideal, but with remote workers and end users it’s often necessary.
Use a password management tool or encrypted email to share sensitive information across accounts. Never use an unencrypted email, text or IM to send passwords to your users. When possible, invite users to set up their own passwords.
Providing ongoing cybersecurity education and training to your users and keeping your team informed about the current threat landscape will help keep them and your organization safe. HacWare can help by providing automated, engaging cybersecurity awareness training for your team. Set up a demo to discuss your team’s needs and how we can help strengthen your users against cyberattacks.
About the Author
Brita is HacWare's marketing manager. She loves all things cybersecurity and tech and lives in Phoenix where she enjoys the warm weather and spending time with family and friends pool-side.