An effective password policy is critical to a company's cybersecurity: easily guessed passwords hand malicious actors a simple way in, and reusing the same password across services is risky for the same reason.
In 2021, a compilation of more than 8.4 billion passwords from earlier leaks around the world was posted on an online forum under the name 'RockYou2021'. What did they have in common? All were between 6 and 20 characters long, with whitespace and non-ASCII characters stripped out, which makes the list a ready-made dictionary for guessing attacks.
Other features common to easily guessed passwords are birthdates, runs of repeated digits, proper names and simple numeric combinations. In leaked passwords of Brazilian users, the word Brazil and the sequence 123456 also turn up frequently.
We have prepared this article especially to help you keep your company protected. In it, we will propose positive actions for an effective password policy. They are as follows:
- Change Passwords Frequently
- Use Software that Alerts You About the Change
- Join an Account Lockout System
- Train Your Employees
- Do Not Use the Same Password for All Accounts
- Create Strong Passwords
- Have a Password Management Solution
- Adopt Multifactor Authentication in Your Company’s Routine
Read it until the end!
Why Should You Adopt a Secure Password Policy?
Attackers exploit weak or reused corporate passwords in a large share of intrusions.
Therefore, regardless of an organization's size or industry, a secure password policy is essential. By adopting one, the company avoids intrusions that cause disruption and financial loss, and it protects its credibility.
In practice, the password policy establishes rules to be followed by the entire team, ensuring the adoption of security requirements when creating passwords for accessing corporate devices and systems.
In the next topic, we cover some criteria you should adopt when establishing a password policy for your business.
Positive Actions for an Effective Password Policy
You now understand the importance of creating a secure password policy for your company. Now, let’s show you how this can be done. Keep reading our text!
Change Passwords Frequently
The rationale for periodic changes is that a password may have been exposed without anyone noticing, and the shorter the time a given password stays in use, the smaller the window in which a leaked copy remains useful to a third party.
However, the usefulness of this measure has been questioned. Microsoft itself dropped the periodic password-expiration requirement from its security baselines, considering it ineffective. According to this report in Isto É Dinheiro, Aaron Margosis, a cybersecurity consultant at Microsoft, stated that a password needs to be changed only if it has been stolen.
Despite this debate, periodic password changes are still commonly recommended. Whatever interval you choose, one rule is not negotiable: a password must be changed immediately when there is any evidence of compromise. Because scheduled changes are easy to postpone, the next topic covers software that alerts users when a change is due.
Use Software that Alerts You About the Change
There is software that warns users when a password change is due. It works as follows: when you try to log in to your computer after the configured interval has elapsed, a pop-up tells you that you must change your password to proceed. If you do not, you cannot access the system.
This enforcement is useful because, over time, people get comfortable and neglect to change their passwords on schedule unless the system requires it.
Join an Account Lockout System
Account lockout is an important control that blocks further login attempts after a certain number of failures. It stops an attacker from simply testing one password after another until one works, a technique known as brute force that is widely used to gain unauthorized access. Two details matter in practice: lockouts should be temporary, otherwise an attacker can lock legitimate users out on purpose by hammering their accounts, and attackers often spread guesses across many accounts using a single common password (password spraying), so failures should also be tracked per source address, not only per account.
An indication of how important this feature is: it is used by e-mail services and countless websites.
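The following is an added example, not code from the article or from senhasegura, of how a lockout policy of the kind described above can be implemented. The thresholds (5 failures in a 15-minute window, a 15-minute lock, 20 failures per source address) are illustrative assumptions, as is the constructed scenario in `demo()`. It shows the three points a practitioner cares about: the lock is temporary, a correct password submitted during the lock is still refused so the lock response cannot be used to confirm a guess, and failures are also counted per source address to slow password spraying.

```python
import time
from collections import deque


class LockoutPolicy:
    """Per-account failed-login tracking with a temporary lock and a per-source throttle.

    Parameters are illustrative assumptions for this example, not values from the article.
    """

    def __init__(self, max_failures=5, window_s=900, lock_s=900,
                 per_source_limit=20, clock=time.monotonic):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lock_s = lock_s
        self.per_source_limit = per_source_limit
        self.clock = clock
        self._failures = {}          # account -> deque of failure timestamps
        self._locked_until = {}      # account -> time at which the lock expires
        self._source_failures = {}   # source address -> deque of failure timestamps

    def _recent(self, dq, now):
        """Drop timestamps older than the sliding window and return the deque."""
        while dq and now - dq[0] > self.window_s:
            dq.popleft()
        return dq

    def is_locked(self, account) -> bool:
        until = self._locked_until.get(account)
        return until is not None and self.clock() < until

    def source_throttled(self, source) -> bool:
        dq = self._source_failures.get(source)
        return bool(dq) and len(self._recent(dq, self.clock())) >= self.per_source_limit

    def attempt(self, account, source, password_ok: bool) -> str:
        """Record one login attempt and return 'ok', 'denied', 'locked' or 'throttled'.

        A locked account is refused even when password_ok is True, so an attacker
        cannot use the lockout response to learn that a guess was correct.
        """
        now = self.clock()
        if self.is_locked(account):
            return "locked"
        if self.source_throttled(source):
            return "throttled"
        if password_ok:
            self._failures.pop(account, None)   # success resets the failure count
            return "ok"
        dq = self._recent(self._failures.setdefault(account, deque()), now)
        dq.append(now)
        sdq = self._recent(self._source_failures.setdefault(source, deque()), now)
        sdq.append(now)
        if len(dq) >= self.max_failures:
            self._locked_until[account] = now + self.lock_s
            dq.clear()
            return "locked"
        return "denied"


class ManualClock:
    """Deterministic clock so the constructed scenario below runs offline and reproducibly."""

    def __init__(self):
        self.now = 0.0

    def advance(self, seconds):
        self.now += seconds

    def __call__(self):
        return self.now


def demo():
    """Constructed scenario: five wrong guesses lock 'alice'; her correct password is
    refused while the lock lasts and accepted once it expires."""
    clock = ManualClock()
    policy = LockoutPolicy(clock=clock)
    results = []
    for _ in range(5):
        results.append(policy.attempt("alice", "203.0.113.7", password_ok=False))
        clock.advance(10)
    results.append(policy.attempt("alice", "198.51.100.2", password_ok=True))
    clock.advance(policy.lock_s + 1)
    results.append(policy.attempt("alice", "198.51.100.2", password_ok=True))
    return results


if __name__ == "__main__":
    print(demo())
```

The per-source throttle is what catches spraying: twenty accounts, one wrong password each from the same address, never trips any single account's lock but does trip the source limit.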
Train Your Employees
If you head an organization, you should know that investing in technology is not enough to ensure information security; you also need awareness training so that employees can identify and avoid threats.
Many people are unaware of the risks involved in accessing corporate systems. In these cases, good practices must be introduced and enforced to prevent cyberattacks, including password theft.
It is also important that this training is ongoing, since both technology and the techniques used by malicious agents advance every day.
Do Not Use the Same Password for All Accounts
If someone steals your password from a social media site, for example, it is very likely they will try it on your other services (a technique known as credential stuffing), and the damage is far greater if the same password unlocks several platforms.
Therefore, when establishing a password policy, require that employees use a different password for every system and service they access.
Create Strong Passwords
Simply requiring a password is not enough; the policy must also raise the quality of the passwords in use. Attackers routinely research their targets and start by trying obvious candidates such as birthdates, relatives' names, short dictionary words and the common leaked passwords mentioned above.
We therefore recommend enforcing a minimum length and a mix of uppercase and lowercase letters, numbers and symbols, and rejecting any password that appears in known leaked-password lists or contains the user's personal information.
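As an added example (not code from the article or from senhasegura), here is a policy check that turns the recommendations above into rules a registration or password-change form can enforce. The minimum length of 12 and the small denylist are assumptions for illustration; a real deployment would load a breached-password corpus such as the RockYou2021 compilation instead of the handful of entries constructed here. It goes slightly beyond the text by also rejecting trivially padded dictionary words ("Brasil2021!"), personal information supplied by the caller, repeated characters and keyboard-style sequences.

```python
import re

# Assumed policy value for this example; the article asks for a minimum length without fixing one.
MIN_LENGTH = 12

# Constructed denylist standing in for a real leaked-password corpus. It holds the
# kinds of entries the article says recur in leaks (simple sequences, "Brasil").
DENYLIST = {"123456", "12345678", "password", "senha", "brasil", "brazil", "qwerty"}


def _has_sequence(s: str, run: int) -> bool:
    """True if s contains `run` consecutive ascending or descending code points (abcde, 98765)."""
    for i in range(len(s) - run + 1):
        diffs = {ord(s[j + 1]) - ord(s[j]) for j in range(i, i + run - 1)}
        if diffs in ({1}, {-1}):
            return True
    return False


def password_problems(password: str, user_tokens=()) -> list:
    """Return a list of policy violations; an empty list means the password passes.

    user_tokens: strings tied to the user (name, birth year, relatives' names)
    that, as the article notes, attackers try first.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    classes = [
        ("lowercase letter", re.compile(r"[a-z]")),
        ("uppercase letter", re.compile(r"[A-Z]")),
        ("digit", re.compile(r"\d")),
        ("symbol", re.compile(r"[^A-Za-z0-9]")),
    ]
    missing = [name for name, rx in classes if not rx.search(password)]
    if missing:
        problems.append("missing character class(es): " + ", ".join(missing))

    lowered = password.lower()
    # Strip trailing digits/symbols before the denylist test so that "Brasil2021!"
    # is caught as a padded dictionary word rather than treated as novel.
    core = re.sub(r"[^a-z]+$", "", lowered)
    if lowered in DENYLIST or core in DENYLIST:
        problems.append("based on a common leaked password")

    for tok in user_tokens:
        if len(tok) >= 4 and tok.lower() in lowered:
            problems.append(f"contains personal information: {tok!r}")

    if re.search(r"(.)\1{3,}", password):
        problems.append("contains a run of four or more repeated characters")
    if _has_sequence(lowered, 5):
        problems.append("contains a 5-character ascending or descending sequence")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Brasil2021!", "Xq7#vL2m!pRz"):
        print(candidate, "->", password_problems(candidate) or "OK")
```

Returning the full list of violations rather than a bare pass/fail lets the form tell the user exactly what to fix, which is what keeps a strict policy from pushing people toward predictable workarounds.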
Have a Password Management Solution
If you follow the fifth and sixth tips in this article, your employees will have to remember many complex passwords, which is difficult. That is where a password management solution comes in.
A password manager stores passwords in an encrypted vault, so users only need to remember the master password that unlocks it. In addition, password managers generate long random passwords that are unlikely to be guessed.
Of course, like any other software, a password manager can be breached, and a stolen vault is only as strong as the master password protecting it. It is therefore essential to use a very strong master password and to enable multifactor authentication on the manager itself.
Adopt Multifactor Authentication in Your Company’s Routine
One of the ways to create a secure password policy is to adopt multifactor authentication (MFA). This approach combines different categories of mechanism to prevent intrusions:
- Knowledge factor: something the user knows, such as a password;
- Possession factor: something the user has, such as a hardware token or an authenticator app; and
- Inherence factor: something the user is, as in the case of biometrics.
But remember an important detail: for multifactor authentication to protect a system, the factors must be independent of each other. If compromising one factor also yields the other (for example, a one-time code sent to an e-mail account that is protected by the same password), your organization is not protected.
By reading this article, you learned what you should do to create an effective password policy for your organization. Did you like our text? Share it with someone else who is interested in the topic.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
Senhasegura strives to ensure companies' sovereignty over privileged actions and information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.