We’re all familiar with the burden of remembering dozens of passwords, both in our personal and professional lives. The fatigue is real! So much so that many of us know we don’t always practice the best password hygiene. According to a recent LastPass report, while 89% of survey respondents know that reusing the same password is a security risk, only 12% actually use different passwords for all their accounts. At the same time, only 33% of people use strong passwords for their work accounts.
Meanwhile, more than 80% of web application attacks involve stolen credentials, and IT security teams spend up to 4 hours a week dealing with password-related issues.
So, what does this tell us? Simply put, that all businesses could benefit from tools and best practices for implementing stronger password policies. Fortunately, there are plenty of password management solutions on the market, as well as resources to help us all make sure we’re not leaving our organizations vulnerable to breaches and cyberattacks.
5 ways to improve password policies and keep company data safe
#1 Establish a password policy
One way to strengthen password policies is to make sure they’re established in the first place! To be clear, password policies are a collection of rules to help companies increase device and network security. This usually means requiring users to create secure and reliable passwords by setting specific standards. Password policies often describe how passwords should be stored and used and how often they should be updated.
Despite the overwhelming amount of evidence out there showing the importance of strong passwords, many businesses and employees don’t comply. For example, more than 60% of people only update their passwords when and if they’re prompted to do so. A lot of people also tend to use the same, weak passwords over and over again, judging by the fact that NordPass regularly publishes a list of the 200 most common passwords.
Here are a few password best practices to keep in mind:
- Prefer length over complexity: set a minimum length (12 characters is a reasonable floor) and allow digits, uppercase and lowercase letters and special characters without mandating all of them. Current NIST guidance (SP 800-63B) advises against strict composition rules because they push users toward predictable substitutions such as “P@ssw0rd1”
- Don’t let users “rotate” an old password by changing a single character to create what they think is a new password; compare the new password against the current one at change time, not just against stored hashes
- Block passwords that are easy to guess, such as names, birthdays or usernames, and check new passwords against a list of common or previously breached passwords
- Require users to create different passwords for each system they use
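The rules above as a runnable check, added here as an example (not code from the original post, LastPass or Sherweb). It follows the NIST SP 800-63B shape: a length floor and a blocklist instead of composition rules, a context-word check for usernames and similar, an edit-distance check that catches one-character rotations of the current password (the only old password available in plaintext, since the user types it at change time), and a hash-only comparison against earlier passwords. The blocklist, the length floor and the PBKDF2 iteration count are assumptions; a real deployment loads a full common/breached-password list.

```python
"""Password-policy checks run at password-change time (added example)."""
import hashlib
import hmac
import os

# Constructed mini blocklist; load a full common/breached-password list in practice.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "welcome1", "letmein"}
MIN_LENGTH = 12               # assumed policy floor
MAX_ROTATION_EDITS = 2        # reject new passwords within this many edits of the current one
PBKDF2_ITERATIONS = 600_000   # OWASP's current figure for PBKDF2-HMAC-SHA256


def levenshtein(a, b):
    """Edit distance, used to catch 'Summer2023!' -> 'Summer2024!' style rotations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; history keeps only (salt, digest), never plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def check_policy(new_pw, context_words, current_pw, history):
    """Return the list of violations; an empty list means the password is acceptable.

    context_words: username, company name, etc. that must not appear in the password.
    current_pw:    the current password as typed at change time (None on first set);
                   it is the only old password available for a similarity check.
    history:       (salt, digest) pairs of earlier passwords, compared by hash only.
    """
    problems = []
    if len(new_pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if new_pw.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password blocklist")
    for word in context_words:
        if word and word.lower() in new_pw.lower():
            problems.append(f"contains the context word {word!r}")
    if current_pw is not None and levenshtein(new_pw.lower(), current_pw.lower()) <= MAX_ROTATION_EDITS:
        problems.append("too similar to the current password")
    for salt, digest in history:
        if hmac.compare_digest(hash_password(new_pw, salt)[1], digest):
            problems.append("reuses a previous password")
            break
    return problems
```

The similarity check is deliberately case-insensitive so that “summer2023!” to “Summer2024!” is still caught; the history check re-derives PBKDF2 with each stored salt, which is why history should be kept short (the last few passwords) rather than unbounded.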
#2 Invest in a password management tool
Forget about all those passwords you’ve been saving on sticky notes. A password management tool will create and store all your passwords in one encrypted vault. You won’t have to memorize the login information for each site. Instead, you enter a single master password to unlock the vault, and the tool autofills your credentials the next time you visit the site. Password managers can also generate and save strong, unique passwords when you sign up for new websites or apps. Since most password managers encrypt the vault locally and sync only the encrypted copy across devices, you can use your passwords anywhere, even on your phone!
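As an added example of what happens behind the master-password prompt (not LastPass’s or any product’s code), here is a stdlib-only Python sketch of two pieces of a password manager: generating uniformly random passwords with the `secrets` module, and turning the master password into a vault key with scrypt plus a verifier tag, so the password can be checked without ever being stored. The scrypt parameters, the verifier label and the character-class rule are assumptions; encrypting the individual entries with the derived key (typically AES-GCM) is left out.

```python
"""Generating strong passwords and deriving a vault key from a master password (added example)."""
import hashlib
import hmac
import math
import os
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def generate_password(length=20):
    """Uniform random choice via `secrets` (never the `random` module, which is
    predictable); resample until every class appears so that strict sites accept it."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


def entropy_bits(length, alphabet=ALPHABET):
    """Work factor of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet))


def derive_vault_key(master_password, salt):
    """Memory-hard scrypt so that someone who steals the vault file cannot guess the
    master password quickly. Parameters are assumed; raise n as hardware allows."""
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def new_vault(master_password):
    """Vault header: a random salt and an HMAC verifier tag computed from the key.
    Neither the master password nor the key itself is written anywhere."""
    salt = os.urandom(16)
    key = derive_vault_key(master_password, salt)
    verifier = hmac.new(key, b"vault-verifier", "sha256").digest()
    return {"salt": salt, "verifier": verifier}


def unlock_vault(master_password, vault):
    """Return the vault key if the master password matches, otherwise None."""
    key = derive_vault_key(master_password, vault["salt"])
    tag = hmac.new(key, b"vault-verifier", "sha256").digest()
    return key if hmac.compare_digest(tag, vault["verifier"]) else None
```

A 20-character password from a 94-symbol alphabet carries about 131 bits of entropy, far beyond what any online or offline guessing attack can cover; the weak point of a vault is therefore the master password, which is why it gets a memory-hard KDF and should itself be a long passphrase.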
#3 Take advantage of multi-factor authentication (MFA)
Multi-factor authentication is one of the best ways to limit the damage when a password is guessed, phished or leaked. Rather than relying on a single password to log in to websites or apps, users have to provide a second piece of evidence or take a specific action to gain access. This could be as simple as entering a code generated by an authenticator app on your phone or scanning a fingerprint. MFA protects your account because even if your password is compromised, the attacker still needs at least one more factor to get in. Keep in mind that SMS and app-generated codes can still be phished in real time by a site that relays them; phishing-resistant options such as FIDO2 security keys or passkeys bind the login to the genuine site and close that gap.
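To make the “code from your phone” concrete, here is an added example (not code from the original post) of the time-based one-time password scheme, TOTP (RFC 6238), that authenticator apps implement: the server and the phone share a secret, both compute HMAC-SHA1 over the current 30-second time step, and the code is a truncated form of that MAC. The secret below is the RFC’s own test-vector value so the outputs can be checked against the standard; a real server generates a per-user secret with `secrets.token_bytes(20)`, stores it encrypted, and keeps the last accepted counter to prevent replay. The window size and the provisioning-URI field choices are assumptions.

```python
"""TOTP (RFC 6238) generation and verification as done by authenticator apps and servers (added example)."""
import base64
import hmac
import struct
import time

# Constructed demo secret: the RFC 4226/6238 test-vector key, ASCII "12345678901234567890".
DEMO_SECRET = b"12345678901234567890"
STEP = 30  # seconds per time step


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), "sha1").digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, digits=6, step=STEP):
    """RFC 6238: HOTP with the counter set to floor(unix_time / step)."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // step), digits)


def verify_totp(secret, submitted, at=None, window=1, last_counter=None):
    """Server-side check. Accepts the adjacent time steps to tolerate clock drift,
    compares in constant time, and refuses any counter at or below the last one
    accepted so a captured code cannot be replayed. Returns (ok, counter_to_store)."""
    at = time.time() if at is None else at
    counter = int(at // STEP)
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if last_counter is not None and candidate <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, candidate), submitted):
            return True, candidate
    return False, last_counter


def provisioning_uri(secret, account, issuer):
    """The otpauth:// URI that the enrolment QR code encodes for the authenticator app."""
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    return f"otpauth://totp/{issuer}:{account}?secret={b32}&issuer={issuer}&digits=6&period={STEP}"


if __name__ == "__main__":
    print("current code:", totp(DEMO_SECRET))
    print(provisioning_uri(DEMO_SECRET, "alice@example.com", "ExampleCorp"))
```

Two details matter in practice: the verifier must remember the highest counter it has accepted, because a 30-second window is long enough for an attacker who sees a code to reuse it; and the shared secret is a password-equivalent, so it belongs in the same class of storage as private keys, not in a plaintext user table.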
#4 Train your employees
Once you decide to create new password policies, you have to make sure your staff is trained to use them properly. This applies to both new and existing employees. Everyone has to understand why they should use password management tools and they should know the best ways to use them. Make sure your employees know how to generate new passwords and replace old ones that are too weak or have been used before. If your company uses MFA, make sure your employees understand why it’s so important and know how to use it. Training employees can require additional time and resources, but in the long run, this is money well spent.
#5 Follow compliance regulations
If your company deals with sensitive data from sectors such as finance or healthcare, you may be subject to compliance regulations. Accounts in these sectors are frequently targeted by cybercriminals because of the sensitive data they hold. As a result, regulations such as the Health Insurance Portability and Accountability Act (HIPAA), and the guidance written to satisfy them, carry specific requirements for password security. Here are a few examples of what such frameworks typically require:
- Passwords should be at least 12 characters in length
- Passwords should contain uppercase and lowercase letters, special characters and numbers
- Passwords should be changed every 60 to 90 days where the framework still mandates rotation (note that NIST SP 800-63B now recommends changing passwords only when there is evidence of compromise, since forced rotation encourages weak, predictable variations)
- Password reuse should be restricted
- The principle of least privilege should be applied
- Every user should be assigned a unique identifier (ID)
Take your cybersecurity beyond passwords
As you can see, implementing a strong password policy isn’t really an option—it’s crucial. Cybercriminals are coming up with new methods and technologies every day to expose your user data.
If you’re looking for more information about password policies, password protection, or how to deliver better cybersecurity for clients, check out LastPass or get in touch with Sherweb experts to talk about how to strengthen your security stack. You can also explore our partner guide to see how Sherweb can help support your business with our cloud marketplace and value-added services.