Do you think your passwords are secure enough? Chances are they may not be. As information security rises on the priority list for most businesses, gone are the days of using generic passwords such as “123”, “abc”, or even “password” to access systems and information. With more and more business data migrating from hardcopy to digital files through scanning, there are serious dangers for users if their passwords are not secure. Sophisticated hackers use many techniques to acquire access to accounts including dictionary attacks and social engineering. Once an account is hacked, it can be abused with malicious orders or information, identity theft, or used to penetrate into corporate firewalls for even more devastation.
“On average, there is a 156 day lapse between the time a computer resource is compromised and
the time the compromise is detected.” source: www.stopthehacker.com
As a best practice, you should change passwords on all sites or systems every 30 to 90 days.
Here are some additional ideas to keep your passwords secure:
- Use a minimum of eight characters – the more characters you use, the more secure the password will be.
- Avoid using “common” words – hackers are adept at trolling social media sites and corporate pages to use commonly used words for you, your department, or your company. Avoid cities, states, hobbies, or even pet’s or relative’s names.
- Use a variety of characters – do not duplicate characters and do not use passwords with all letters or all numbers. Instead mix and match characters with upper and lower case letters, symbols and numbers. Some examples may be @Maz1nG8 or 3Xt@Tik$.
- Make up words – dictionary hacks are dependent on the use of words that are found in the dictionary. Even foreign words could be hacked. Instead use your imagination to invent a new word or phrase that is memorable.
Once you have a password, it’s best to not write it down; try to commit it to memory if you can. It’s also a good idea to use different passwords for different sites so that even if the hacker breaks one code, the others will still be safe.
If you ever have to share your password with someone, change it as soon as possible. For this, we recommend our clients set reminders to change their passwords or have a corporate policy in place for password expiration. You may be familiar with setting automatic reminders on your office voicemail or smartphone to help you remember to update your password every few months.
While no business or individual is completely safe, these simple password precautions can significantly reduce your risks.
Interested in more information on data security? Here are two recent blogs on the topic: