Anyone who uses a computer regularly in business knows that when you turn on your computer you need to log in with a password. For years now we have been used to entering a password to access our computers, and even certain parts of the business network, not to mention all the online accounts each of us has. But are passwords really secure? Recent studies are showing that passwords are not really all that secure, but why?
“Lazy Passwords are a problem”
A good question to ask is: are your passwords secure? And are you using the best, most secure methods of creating a truly secure password? We are all familiar with passwords containing capitalization, numbers and special characters. They might even seem secure, but people being people, we often opt for easy or “lazy passwords” like P@ssW0rd01!. Secure, right? Well, maybe not. Hackers often use algorithms to guess or crack these easy-to-remember passwords in attempts to gain access to your information. Remember, passwords that are easy to remember are also easy for computer hackers to guess.
So, What’s the Solution?
More and more companies are adopting a multifactor authentication login process. This requires users to present two valid credentials to access company data. An example of this would be a code texted to your employee-issued mobile phone to help stop hackers.
Some businesses are even taking security a bit further by implementing passphrases of 25 or more characters, like “thelazydogbelongstotheirlfromroom315” or “sallywalkedtwelveblocksget2563blocksofbutter”, all of which are harder to guess and much less prone to hacking.
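To make the difference between a “lazy password” and a long passphrase concrete, here is an added example (not part of the original article) of a check a defender could run at password-change time. The word list, the substitution table and the function names are assumptions made for illustration; a real deployment would compare against a breached-password list.

```python
import re

# Constructed sample of common base words (assumption: a real check would
# load a breached-password list instead of this short set).
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin", "summer"}

# Substitutions people commonly use to satisfy complexity rules.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

MIN_PASSPHRASE_LEN = 25  # the article's "25 or more character" threshold


def meets_complexity(pw):
    """Classic rule: 8+ characters with upper, lower, digit and symbol."""
    classes = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)


def base_word(pw):
    """Drop trailing digits/symbols, lowercase, undo leet substitutions."""
    core = re.sub(r"[\d\W_]+$", "", pw)  # "P@ssW0rd01!" -> "P@ssW0rd"
    return core.lower().translate(LEET)


def assess(pw):
    """Return 'guessable', 'passphrase' or 'short' for a candidate."""
    if base_word(pw) in COMMON_WORDS:
        return "guessable"   # a dictionary word behind predictable edits
    if len(pw) >= MIN_PASSPHRASE_LEN:
        return "passphrase"  # long and not built on a common word
    return "short"           # not a known word, but under the length bar


if __name__ == "__main__":
    for candidate in ("P@ssW0rd01!",
                      "thelazydogbelongstotheirlfromroom315",
                      "sallywalkedtwelveblocksget2563blocksofbutter"):
        print(f"{candidate!r}: complexity={meets_complexity(candidate)}, "
              f"verdict={assess(candidate)}")
```

P@ssW0rd01! satisfies the classic complexity rule and is still flagged, because undoing the predictable edits leaves a dictionary word; the two passphrases fail that rule yet clear the length bar.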
But how often should you change the passphrases, you ask?
Each company needs to weigh its options and overall risk when incorporating passphrases and deciding how often to change them. The lower your tolerance for risk, the more often you are likely to change the passwords.
But the important thing to remember is that passwords should be longer and use nonsensical words, numbers and symbols, making it almost impossible for automated systems to make sense of them.
Can I do anything else?
• Utilize account monitoring tools whenever possible, which can recognize suspicious activity and lock out potential hackers.
• Use a single sign-on and monitor users’ activity.