Account hacks are a growing problem. In the past month, hackers have gained control of Facebook co-founder Mark Zuckerberg’s Twitter and Pinterest accounts, as well as the NFL’s Twitter account. In even bigger news, Twitter denied reports of a system breach that exposed passwords of 32 million users, but they locked passwords of users whose accounts might have been exposed.
Compliance and security are becoming more of a challenge every day. Many organizations are required to meet certain regulations and security standards designed to keep sensitive data safe. The constantly evolving rules and auditing procedures can create a headache. However, following these important requirements is essential to protecting an organization from security breaches, lawsuits, loss of trust, large fines, and public scrutiny.
A major component of data security is passwords. Weak login credentials, including passwords, are among the top causes of data breaches. We cannot emphasize enough the importance of password security. We’ve talked before about the importance of an effective password policy, but in light of recent events we believe it’s worth sharing a few more tips:
- Strengthen your passwords. Require your employees to create a unique, hard-to-guess password that does not include any part of their name, the application, business, or the word “password.” Default passwords should also be immediately changed. Passwords must be created with three of the four options available: upper case, lower case, numbers, & special characters.
- Prefer passphrases to passwords. Out with passwords, in with passphrases. A phrase that is easy for the user to remember actually does better than a single password. Although a passphrase may use fewer character classes, it is usually much longer than a password and easier to remember. Also, do not use the same password or passphrase for multiple accounts.
- Change passwords frequently. We recommend requiring your employees to reset their passwords every 90 days. Passwords that are used more frequently have a higher risk and should be reset even more frequently than 90 days.
- Use two-factor authentication. There are three factors that can be used as part of your authentication process: knowledge (something you know), possession (something you have), and inherence (something you are). For maximum security, it’s a good idea to require more than one factor. This could be a password along with a one-time code, an electronic token, or even a biometric fingerprint scan.
- Implement policies and provide training. If you are relying on your employees to follow a password policy, you should consider training them on password security. It’s important to know how to create a strong password, and more importantly, to know what’s at stake.
- Never write down your password. As we all know, we are expected to remember several passwords throughout the day to perform our job. Never write these passwords down. Instead, save them in an encrypted password vault.
- Keep passwords secure. Never reveal your passwords to anyone. Be suspicious of sites that ask for personal information or a login. Also, always remember to log off devices, especially when around other people. If you are using a public computer at a hotel or business center, it’s best to be safe and not type in your password at all.
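As an added example (not code from the original post), the small Python checker below encodes the rules the tips above state: no part of the user's name, the application, the business, or the word “password”; default passwords rejected; three of the four character classes for ordinary passwords; and a 90-day rotation check. The forbidden-term and default-password lists are constructed sample values, and the 16-character threshold above which a secret is treated as a passphrase (and exempted from the class rule) is an assumption the post does not quantify.

```python
import string
from datetime import date, timedelta

# Constructed values for illustration: the user's name, the application and the
# business are forbidden substrings, as is the word "password" itself.
FORBIDDEN_TERMS = ("alice", "smith", "payroll", "acmecorp", "password")

# Constructed list of vendor defaults that must be changed immediately.
DEFAULT_PASSWORDS = frozenset({"admin", "changeme", "welcome1", "Passw0rd!"})

CHARACTER_CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}

# Assumed threshold: a secret at least this long is treated as a passphrase and
# is exempt from the three-of-four class rule; the post gives no number for it.
PASSPHRASE_MIN_LENGTH = 16
MAX_AGE_DAYS = 90  # rotation interval the post recommends


def classes_used(secret):
    """Return the names of the character classes present in the secret."""
    present = set(secret)
    return {name for name, chars in CHARACTER_CLASSES.items() if present & chars}


def check_password(secret, forbidden_terms=FORBIDDEN_TERMS):
    """Return a list of policy violations; an empty list means the secret is accepted."""
    violations = []
    if secret in DEFAULT_PASSWORDS:
        violations.append("default password must be changed")
    lowered = secret.lower()
    for term in forbidden_terms:
        if term.lower() in lowered:
            violations.append(f"contains forbidden term '{term}'")
    if len(secret) < PASSPHRASE_MIN_LENGTH and len(classes_used(secret)) < 3:
        violations.append("needs three of four character classes (upper, lower, digit, special)")
    return violations


def is_expired(last_changed, today, max_age_days=MAX_AGE_DAYS):
    """True when the secret is older than the rotation interval."""
    return today - last_changed > timedelta(days=max_age_days)


if __name__ == "__main__":
    for candidate in ("Passw0rd!", "Alice2016", "Tr!cky7Gate", "correct horse battery staple"):
        print(candidate, "->", check_password(candidate) or "accepted")
    print("rotation overdue:", is_expired(date(2016, 3, 1), date(2016, 6, 15)))
```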
The No Jerks team is a great resource for all things related to password best practices or other security concerns. Learn more and contact us today!