A strong password is an important line of defense in your company’s cyber security. Do you think the IT guy gets tired of repeated password recoveries when everyone forgets their randomly generated passwords? Or that he gets tired of recovering accounts that have been hacked? Can you afford to lose the information protected by your company’s passwords? So many data breaches are preventable by using strong passwords and storing them correctly.
James Martinos, CEO at Elite IT Partners, Inc, reported that approximately 80% of the tech report calls received when he worked at State Farm were for password recovery because proper care was not given to password creation. With these simple tips and steps, your employees can avoid exhausting the IT guy with password recoveries.
An important factor to consider is the need for a company-wide password policy. This means determining how long the passwords should be, what characters they should include and so on. Fully implementing and enforcing this policy gives more complete protection for important information.
“It’s important to find that balance between complexity of your password and the security of your password,” says Victor Trujillo, CTO at Elite IT Partners. “This means that your password is kept secret, it’s not written down somewhere where it’s accessible by other people.”
To confirm this point, Victor shared a story about an old coworker named Josh. When Josh first began working for Victor he wanted to test the password security of the employees. The company they were working for had established a password policy for all employees that made the passwords rather complicated. Josh waited until almost everyone had left the office and then went around to all the other cubicles looking for passwords. Josh found that if the password wasn’t written on a post-it and stuck to the wall, it was under the keyboard, desk phone or in the side drawer. Luckily, his search wasn’t malicious. But imagine if a hacker walked through the doors and did the same thing. The amount of sensitive data that could be lost in this case is astronomical.
So how can you find the balance between complex and easy to remember? We’ve got your back.
First, let’s establish some parameters for setting a strong password. The general rule of thumb for passwords is the longer the better. More characters = more secure. Passwords should include a mix of upper- and lower-case letters, numbers and symbols. Strong passwords should avoid “dictionary words”: single words or obvious phrases that are easily guessable, such as apple, house or boat. Passwords also shouldn’t just replace letters with numbers, as in c0mput3r or 4ppl3. That’s the first thing someone would guess.
The solution to the password problem is more easily attainable than it might appear. First, it is important that there be an established and enforced password policy. After that, here is a two-step process you can share with your employees to help them design their passwords.
Step 1: Take a minute and think of a sentence containing memorable but not sensitive information. Don’t include your birthday, anniversary or account information. Do include a number. Here is a good example: I always know my family is my #1 fan.
This sentence is easy to remember but not personal or sensitive in any way.
Step 2: Take the first letter of each word maintaining the capital letters and special characters. In our example: Iakmfim#1f.
And that’s all. In two easy steps you have a password that is difficult to hack and easy to remember. With this technique, an employee only has to remember one sentence of information, eliminating the need to write down passwords that could get lost… or found.
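The two steps and the parameters above can be turned into a small check, shown here as an added example that is not part of the original article. The function names, the minimum length of 10, the sample word list and the digit-to-letter table are all assumptions made for illustration.

```python
import string

# Assumptions (not from the article): the minimum length and this tiny word list.
MIN_LENGTH = 10
DICTIONARY = {"apple", "house", "boat", "computer"}  # constructed sample list
# Common digit-for-letter swaps, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def sentence_to_password(sentence: str) -> str:
    """Step 2: first letter of each word, keeping case, symbols and numbers."""
    parts = []
    for token in sentence.split():
        token = token.rstrip(".,;:!?")  # drop sentence punctuation only
        if not token:
            continue
        # A word contributes its first letter; a token such as "#1" is kept whole.
        parts.append(token[0] if token[0].isalpha() else token)
    return "".join(parts)


def policy_problems(password: str) -> list[str]:
    """Return the rules from the article that the password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    checks = {
        "no upper-case letter": str.isupper,
        "no lower-case letter": str.islower,
        "no number": str.isdigit,
        "no symbol": lambda c: c in string.punctuation,
    }
    for message, test in checks.items():
        if not any(test(c) for c in password):
            problems.append(message)
    # Catch plain dictionary words and letter-to-number swaps like c0mput3r.
    if password.lower().translate(LEET) in DICTIONARY:
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    pw = sentence_to_password("I always know my family is my #1 fan.")
    print(pw, policy_problems(pw))
    for weak in ("apple", "c0mput3r", "4ppl3"):
        print(weak, policy_problems(weak))
```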
Need more help on how to protect your business’ sensitive information? Check back for information on more ways to minimize one of the greatest security risks to your company: your employees.