The best password is a strong password, but if you’re having trouble coming up with strong password ideas, you’re not the only one. Protecting all of your accounts and personal information with an uncrackable password discourages hackers.
Over the past decade, password best practices have evolved, yet many businesses and users continue to adhere to archaic recommendations.
Here are the latest password best practices for organizations in 2023:
What is Password Management?
Passwords are a set of characters that users enter in response to web account authentication prompts. Although passwords continue to be among the safest authentication mechanisms currently in use, they are vulnerable to certain security risks if managed improperly. It is here that the role of password management comes in handy.
Password management is a set of guidelines and best practices that users should adhere to while storing and handling passwords effectively in order to keep them as secure as possible and prevent unauthorized access.
Password Management Guidelines
The following recommendations are general guidelines for creating strong passwords:
A secure password must:
- Have at least 8 characters in length
- Contain alphabetic characters in both upper- and lowercase (e.g. A-Z, a-z)
- Have at least one numerical character (0-9) and at least one special character (~!@#$%^&*_-+=)
Strong Passwords don’t –
- Use a word or group of words that can be easily found in a standard dictionary.
- Contain any personal information such as user id, family name, pet, birthday, etc.
Password Management Best Practices
Following are password management best practices every business and every individual must follow:
Understand Strong Password Policy
A password policy is a series of guidelines designed to enhance computer security by encouraging users to generate dependable, secure passwords and then appropriately store and use them. A password policy is typically included in an organization’s formal rules and may be used as part of security awareness training.
Even though most users are aware of the potential risks associated with using simple passwords, they still find it annoying to have to spend time trying to come up with a strong password that fits specific criteria or trying to remember one they already made.
Whenever it is allowed, XO strongly advises using multi-factor authentication (MFA). MFA requires a second element for login, typically a code received via text or a special mobile app. Several renowned services, such as Twitter, Amazon, and Google, support two-factor authentication.
Change the password for that service immediately if you ever receive a request for or notification of an MFA 2nd element. Such a request or notification suggests someone is attempting to enter your account and already knows the password.
By using complex passwords than just one or two phrases that are simple to guess, you can prevent dictionary attacks. Create extra-long passphrases that are very resistant to dictionary attacks and typical brute force attempts by stringing words together in a chain.
Make sure there is no evident connection between the words while coming up with a passphrase. Though random words will elude password-hacking software, however, related words will.
Create Complex Passwords
So, is using a longer password recommended? Perhaps, yes. Short passwords are simple to hack. Try to make your passwords longer for greater security. One of the best strategies to increase password security is to use uppercase and lowercase alphanumeric characters.
You can add spaces, punctuation, or misspellings to your password to make it difficult to predict. By putting all of these into practice, your password will be less predictable. Remember that your password’s length is a critically important feature.
Change Your Passwords Often
By frequently changing your passwords, you can prevent hackers from hacking them. However, changing your passwords frequently has a drawback. We don’t actually mean changing your password every month.
Naturally, you might be wondering when the password must be changed. We would say, at least once in three months. Additionally, if you have disclosed your password to anyone else, you should change it right away.
Do Not Share Passwords
Passwords should never be disclosed to anybody, including managers, team members, or IT staff. Delegation of permission options should be looked into when someone needs access to another person’s protected resources. For instance, if an employee’s computer needs repair, passwords must not be shared even for this purpose. Even for the purpose of computer repair, passwords shouldn’t be divulged. Creating a new account with the IT staff’s level of access would be an alternative to doing this.
Avoid Reusing Passwords
You should refrain from using an old password while changing an account’s password. Reusing a password could result in a user account being compromised once more if it has already been, whether intentionally or unintentionally. Similarly, if a password was shared for whatever reason, using it again could give someone access to your account without your permission.
Don’t Use The Same Password For Multiple Accounts
While using the same password for several accounts makes it simpler to remember your passwords, it can also have a chain effect that makes it possible for an attacker to access several systems without authorization. This is especially crucial when working with accounts that require greater discretion, like your online banking account. These passwords need to be different from the ones you use for your webmail, instant messaging, and other online services.
Securing employee access has never been more crucial as Security magazines have observed – at least 80% of hacking-related incidents are linked to stolen or misused credentials.
Do you and your company follow these updated password best practices? If not, we at XO recommend you do so for the sake of security.