Some Useful Reminders on this World Password Day

You may already have seen others touting the fact that today is World Password Day.

It’s sort of corny, sure, but there’s never a bad time to review and tighten up your organization’s password security hygiene. In the post that follows, we have put together some useful article links and summaries as food for thought on the subject.

Size Matters

As we wrote here on our own blog recently, password complexity is not enough; complexity and length are the keys to maintaining secure credentials.

In one interesting study highlighted in the article, we shared that a standard 8-letter, complex password can be cracked by today’s processors in less than an hour. Lengthen that password to 12 letters and the hacker’s program would need 3,000 years!

Just think: could any step be simpler and less expensive than extending the length of your typical password?

Are Frequent Changes Really Right for You?

You should change your password every 90 days, right? Ehhhh, let’s revisit that concept.

Actually, you may not realize it, but it has been a few years since NIST changed course and recommended against the frequent changing of passwords.

Why? From a user’s perspective, frequent changes make the current password hard to remember. What does that lead to? Using the same password across multiple sites, which is a worst-case scenario if those credentials are breached.

Read more on this topic here.

Password Managers – Yes!

If you really want to secure your network, give your employees a password manager.

Password managers are apps that generate new, random passwords for all the sites you visit. They store these credentials for you in a secure virtual vault. Then, when you visit a site or open an app where you need to log in, the password manager automatically fills in your login name and password for you.

The best password managers let you know if your existing passwords are weak, reused, or have shown up in a data breach.

The best news: password managers are as inexpensive as they are powerful.

Still not convinced? Read more and get on board.

How About a Passwordless Environment?

Passwords are familiar to all of us and it will take time for people to get used to the idea of a truly passwordless environment. However, there are numerous reasons for a company to stop using passwords. Here are some of the benefits:

  • Reduce the risk of a breach: Passwords are one of the easiest and most common attack methods used by bad actors.
  • Avoid the domino effect: Many customers reuse passwords, so a company won’t be as exposed if it shares a customer with another company that is breached.
  • Eliminate storage concerns: Without passwords, there is no stored password database to be compromised.
  • Lessen identity theft: One in ten Americans currently falls victim.
  • Create a better customer and employee experience: It’s faster when users don’t have to remember a password.

How does an organization migrate to a passwordless culture? Read more to find out.

Bottom line: good password hygiene is vital. Make a plan for cleaning up your password environment today!

Ayman Totounji