If you’re an IT administrator, you know how difficult it is to get employees to create and remember strong, unique passwords for business accounts and technology. Often, users will fall into common habits like using short, easy-to-guess passwords or passwords they’ve already used in other accounts.
Users who do not follow password security best practices leave themselves and the company open to a data breach. To help employees create stronger passwords, protect company assets and make things easier on themselves, IT admins should consider these five password management and security tips.
1. Design a password policy
By creating a detailed password policy that all employees must follow, you can limit access to and protect your company’s resources. For example, you can require that users use long, complex passwords.
Employees will likely be familiar with this requirement, as many websites require a minimum character length, which is generally six characters long. However, longer is better. According to Scientific American, a 12-character password takes 62 trillion times longer to crack than a standard 6-character one.
Also, don’t allow users to include personal information in their passwords. While it’s easier to remember dates of important life events, names of pets and children, birthplaces and other words based on personal information, these clues are easy for hackers to find on social media and public records.
2. Avoid password fatigue
Password rotation is a common practice in password management and security. By requiring employees to change passwords every few months, it would seem to help you stay one step ahead of potential hackers.
However, frequent password changes can lead to password fatigue, meaning that users are more likely to use simple passwords that aren’t secure enough. Also, according to a survey conducted by the Ponemon Institute, 51% of people rotate the same five passwords across their work and personal accounts, leaving them and the company vulnerable to data breaches.
3. Use a password manager
Consider using a password manager to help you and other employees create strong passwords and store them securely. There are many password managers, but they’re not all created equal. In fact, a recent data breach of LastPass has made some wary of using a cloud-based password manager. However, by using a program like JumpCloud, IT admins and users can feel secure about passwords and data safety.
JumpCloud uses a hybrid approach that uses a decentralized architecture that stores enterprise vaults locally on users’ devices. It also syncs users’ vaults to multiple devices with end-to-end encryption on the cloud, offering the best of both worlds. To learn more, visit JumpCloud.com.
4. Check a password dictionary
Many fraudsters use a password dictionary to crack account security by sheer brute force. When employees use dictionary words in their passwords, such as using three short words together, hackers can easily use an algorithm to try different combinations of words until they crack the code.
Have employees check their passwords against a password dictionary so they can avoid using common words, and refer them to sites such as haveibeenpwned.com. If they must use dictionary words, implement guidelines that require they use four or five dictionary words with a mix of other characters. For example, “cloud.novella-candlestick.backpack” is a strong password.
5. Require multi-factor authentication
Many electronics and other technologies now require multi-factor authentication (MFA). Users may have MFA enabled on their phones, tablets and computers, which require them to use their fingerprint, enter a code, or another secondary form of identification in addition to a password. When paired with a strong password, MFA makes it more difficult for the wrong person to access company data.
Password management and security doesn’t have to be a headache or time-consuming. Using these five tips will save you time and help users become more invested in a company’s security.