Strong password tips and enterprise-level alternatives

Choosing a strong password is essential for business owners. If your passwords are weak, company data may be exposed, and your business may lose a lot of money and, most of all, its clients' trust. Sadly, many people continue to use weak passwords such as "123456", "qwerty", "password", and so on. Believe it or not, these examples come from ABC's top 100 passwords list, and they have easily made it into the top 10. Here's the link to the article, in case you are interested in finding out which passwords need to be avoided at all costs.



So, how do you choose a strong password, which will guarantee that your data stays within the company premises? The obvious step is to pick a password that is hard to guess. Don't use common words, even if you add some randomness to them by including some numbers. Avoid passwords such as "Facebook1980", for example. That password may look okay, but it will get cracked within minutes by any brute-force attacker that makes use of a dictionary.

These days more and more companies utilize password managers. While I don't dislike them, I wouldn't entrust my passwords to them. Most password managers store the data on their companies' servers, and if those servers get hacked, your passwords will quickly fall into the wrong hands.

To increase the level of security, create a password that uses a mix of lower and uppercase letters, numbers and special characters. Don't use any spaces in your passwords; most accounts don't support them anyway, and even if they do, you may run into trouble when the password database is upgraded. Here's a good password example: "wDr!F24@3D64,m". To be on the safe side, create passwords that have at least eight characters. In fact, I always recommend choosing a password that's got at least 12 characters; computers get faster and faster each year, and thus brute-force attacks become more and more powerful.

Passwords like the one above are almost impossible to crack. So, once you have a strong set of passwords in place, ensure that no one shares them with other people. This may happen if one of your employees emails the password of a particular account to a coworker, for example. A hacker may intercept that email, and then get access to the account.

You should always use different passwords for different accounts. It is sad that so many employees utilize the same password over and over. This means that if a hacker finds out the "master" password, he or she can easily access any company account.

Finally, ensure that all the passwords are written down on paper and kept in a safe place. You should never keep your passwords in a file that is stored on a computer; they will be exposed the minute an attacker gets access to that PC.

Big companies should use stronger security mechanisms, of course. Security tokens, be they hardware or software, are an effective solution. They create one-time passwords that are based on a random number generated by a central server. Amazon Web Services uses this mechanism to generate 6-digit unique access codes for people who install a companion mobile app on their phones, for example.

Two-factor authentication is also popular. It uses a combination of two factors to log users into their accounts. Often, these two factors are a password and a one-time code that is sent to the user's phone through an SMS.

Biometrics-based access is also recommended. While biometric features aren't unbreakable, they can significantly increase the overall security level, because they are based on the user's unique features (fingerprints, face characteristics, and so on).

It's quite clear that we will need to move away from traditional passwords soon. Fortunately, we already have several powerful options, which will hopefully be used by more and more businesses in the near future.

Almost 50% of cyberattacks target small businesses.