Apr 23, 2018
As eBay's data breach showed, organisations are still neglecting to raise awareness of effective organisation-wide password security. By neglecting password security, these organisations are putting their own data at risk. Using weak passwords is one of the most common information security mistakes your employees can make; so to help prevent your organisation from falling victim to a serious data breach, we're taking a look at how to improve organisation-wide password security.
What Makes a Good Password?
Passwords provide the first line of defence against unauthorised access to your sensitive information and applications. Whilst no password could ever be deemed 'uncrackable', there are a few basic tenets of password security that can help ensure your passwords are difficult to crack. A secure password:
- Is a minimum of 8 characters long. The longer a password, the harder it is for malicious attackers to successfully guess. 8 characters should serve as an absolute minimum, and 12 characters or more should be encouraged.
- Contains no personal or easily identifiable information. This rules out passwords containing names, birthdays, places and workplace information. All of this information can be easily guessed or researched.
- Contains no complete dictionary words. As a general rule, it's good practice to avoid using any whole words within your password. These words can be guessed by brute-force attacks, even when they're padded with random characters.
- Contains characters from four different categories. Secure passwords will include a combination of uppercase letters, lowercase letters, numbers and keyboard symbols (like ~#@).
- Is never reused. Passwords should be unique to a single application. If you reuse passwords across multiple apps, attackers need only guess a single password to gain access to a wealth of critical infrastructure and information.
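The five rules above can be enforced at the point where a password is chosen. The following checker is an added example written for this post, not code from the original article or from any product it mentions. The word list, the profile fields and the leet-speak substitution table are constructed sample data; the password-history store uses salted PBKDF2 purely so that old passwords never sit in plaintext, and the hash parameters are illustrative rather than a recommendation.

```python
import hashlib
import hmac
import os
import string

# Policy thresholds from the post: 8 characters is the floor, 12 is encouraged.
MIN_LENGTH = 8
RECOMMENDED_LENGTH = 12

# Constructed sample data (not a real word list or a real user): a tiny
# dictionary and the profile fields a password must not contain.
DICTIONARY_WORDS = {"password", "welcome", "summer", "london", "dragon", "monkey"}
PERSONAL_INFO = {"name": "alice", "surname": "smith", "birth_year": "1990",
                 "employer": "examplecorp"}

# Common character substitutions; normalising them lets "P@ssw0rd" be
# recognised as the dictionary word "password".
LEET = str.maketrans({"@": "a", "0": "o", "3": "e", "1": "i", "$": "s",
                      "5": "s", "4": "a", "7": "t"})


def missing_categories(pw):
    """Names of the four character classes the password does not contain."""
    present = {
        "uppercase": any(c.isupper() for c in pw),
        "lowercase": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    return [name for name, ok in present.items() if not ok]


def personal_info_hits(pw, info=PERSONAL_INFO):
    """Profile fields whose value appears inside the password (case-insensitive)."""
    low = pw.lower()
    return [field for field, value in info.items() if value and value.lower() in low]


def dictionary_hits(pw, words=DICTIONARY_WORDS):
    """Dictionary words found in the password, even when padded with other
    characters or written with leet-style substitutions."""
    low = pw.lower()
    normalised = low.translate(LEET)
    return sorted(w for w in words if w in low or w in normalised)


def hash_for_history(pw, salt=None):
    """Salted PBKDF2 hash so the password history never stores plaintext
    (illustrative parameters; a production store would use a slower KDF)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 50_000)
    return salt, digest


def is_reused(pw, history):
    """True if pw matches any (salt, digest) pair already in the user's history."""
    return any(hmac.compare_digest(hash_for_history(pw, salt)[1], digest)
               for salt, digest in history)


def check_password(pw, info=PERSONAL_INFO, history=()):
    """Apply the five rules. Returns (violations, warnings); an empty
    violations list means the password is acceptable."""
    violations, warnings = [], []
    if len(pw) < MIN_LENGTH:
        violations.append(f"shorter than minimum length {MIN_LENGTH}")
    elif len(pw) < RECOMMENDED_LENGTH:
        warnings.append(f"shorter than recommended length {RECOMMENDED_LENGTH}")
    for field in personal_info_hits(pw, info):
        violations.append(f"contains personal information: {field}")
    for word in dictionary_hits(pw):
        violations.append(f"contains dictionary word: {word}")
    missing = missing_categories(pw)
    if missing:
        violations.append("missing character categories: " + ", ".join(missing))
    if is_reused(pw, history):
        violations.append("reused: matches a previous password")
    return violations, warnings


if __name__ == "__main__":
    previous = [hash_for_history("Tq9!xLp2#vWz")]  # constructed history entry
    for candidate in ["Short1!", "Summer2018", "alice!Tq9", "P@ssw0rd!", "Tq9!xLp2#vWz"]:
        v, w = check_password(candidate, history=previous)
        print(f"{candidate:14} violations={v} warnings={w}")
```

The reuse rule can only be checked within a system that holds the user's own history; reuse across unrelated applications is exactly the gap a password manager closes, which is why the post turns to that next.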
Using a Password Management Application
There's an obvious problem with secure passwords: the traits that make them hard to guess also make them hard to remember. With dozens of passwords for dozens of applications, many employees turn to familiar words and phrases to help them remember their login credentials. Thankfully, password management applications exist to help employees manage dozens of separate passwords. Tools like LastPass Enterprise use a single sign-on system, allowing employees to store all of their passwords in a single interface and log in to any application using a single master password. A unique and strong password can be used for each individual application, and then stored for safe access in the password management tool. This removes the need for employees to use memorable phrases, and reduces the likelihood of individuals reusing their passwords.
How to Reduce Reliance on Passwords
Security can be improved further by reducing your organisation's reliance on password protection. There is an increasing range of supplemental security technologies available to organisations, each designed to offer an additional layer of security. Two-factor authentication supplements password protection with an additional login requirement.
Many organisations use mobile authentication, and require employees to enter a uniquely generated text code for each login session. This approach makes it much harder for attackers to compromise user accounts, effectively doubling the login information required to gain access to secure resources.
Biometrics uses physical recognition tools to provide an extremely hard-to-crack layer of security. Fingerprint recognition is one of the more common approaches, requiring users to authenticate their login with their own unique fingerprints. Some companies are developing similar tools for voice and even facial recognition; and whilst these tools are still in their infancy, they're likely to become viable security measures in the near future.
As with most security practices, it's essential to raise organisation-wide awareness of the need for secure passwords. Even if you follow the best practices described here, no security measure is infallible; and to stand the best chance of protecting your organisation from data loss and attack, you need every employee to be active and engaged in a culture of security.