Password Security

For years, we’ve been told that we need to have strong passwords for each online account. Our passwords needed to have at least one uppercase letter, contain at least one number, one symbol, and be 6-8 characters long. Over time, these requirements have remained the same, but the length of the password has changed.

The Problem?

Years ago, the National Institute of Standards and Technology (NIST) published a document setting out best practices for passwords. However, these policies had unforeseen side effects. To meet length requirements, people created lazy, predictable passwords such as P@ssW0rd1. (If your password is similar to this, we recommend changing it immediately.) While this might seem secure, that’s not the case. A password like this could easily be compromised by common hacking algorithms.

NIST recommended that people change their passwords regularly. Instead of creating brand new passwords, people used the same passwords repeatedly, and simply added a new number or symbol to the end (example: Password, Password1, Password2!, and so on). While these are easy to remember, they’re also easy for hackers and computers to crack.
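The two habits described above can be checked for when a password is set. The following is an added example, not code from the original page: it shows that P@ssW0rd1 satisfies the old composition rules while a simple normalization step exposes the common word behind it, and that a rotated password is the old one with a new ending. The word list, the minimum length of 8, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample list; a real deployment would load a large
# breached-password list instead (assumption).
COMMON_BASES = {"password", "welcome", "letmein", "qwerty", "admin"}

# Substitutions people use to satisfy the digit and symbol rules.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def meets_legacy_rules(pw, min_len=8):
    """Composition policy: uppercase, digit, symbol, minimum length."""
    return (len(pw) >= min_len
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def base_form(pw):
    """Drop the appended digits/symbols, then undo case and substitutions."""
    core = re.sub(r"[\d\W_]+$", "", pw) or pw  # keep all-digit input as is
    return core.lower().translate(LEET)


def review(new_pw, current_pw=None):
    """Return the reasons a candidate is predictable (empty list = none found).

    current_pw is what the user typed into the change form; it is compared
    in memory only and never stored in plaintext.
    """
    findings = []
    base = base_form(new_pw)
    if base in COMMON_BASES:
        findings.append("common word behind substitutions")
    if current_pw is not None and base == base_form(current_pw):
        findings.append("current password with a new suffix")
    return findings


if __name__ == "__main__":
    for new, old in [("P@ssW0rd1", None), ("Password2!", "Password1")]:
        print(new, meets_legacy_rules(new), review(new, old))
```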

The Solution

Security experts recommend adding multifactor authentication (MFA) to the login process. Before you log in to your accounts, you must verify your identity in two separate ways. Each time you log in, you’ll have to enter your password and a verification code that you can receive via text message or in an app on your smartphone. In the event that your password is compromised, a hacker still can’t access your account without a verification code.

As an extra precaution, you can implement account monitoring tools. These tools can recognize suspicious activity on an account and lock out any hackers or hacking attempts.

Many experts suggest using passphrases instead of passwords. In fact, they believe your passwords should be at least 25 characters long. If your passwords are a string of random words, such as “correcthorsebatterystaple”, or contain whole phrases, it could be the difference between a hacker getting everything or nothing.

The stronger your passwords are, the more protected your information, systems, and business will be. If you have any questions about password policies, give us a call!