For World Password Day on May 7, 2020, we are sharing tips, best practices and information to help you create more secure passwords and understand why this is important.
Intel created World Password Day, observed the first Thursday in May, to address the critical need for solid passwords. This year, it’s more relevant because cyberattacks are up as record numbers of employees work from home during the coronavirus pandemic.
"Passwords are a common form of authentication and are often the only barrier between you and your personal information," according to the Cybersecurity & Infrastructure Security Agency (CISA). "There are several programs attackers can use to help guess or crack passwords. By choosing good passwords and keeping them confidential, you can make it more difficult for an unauthorized person to access your information."
Roughly 80% of hacking-related breaches involve compromised or weak credentials, according to the 2019 Verizon Data Breach Investigations Report.
Despite the inconvenience, it is imperative that every organization adopt a unified and well-defined password management strategy. Practice safe password creation methods backed by a corporate password protection policy that is consistently and effectively enforced.
"Going through the process of changing passwords can be painful, but in almost every case having a password breached will be worse," said Eric Gethicker, senior systems engineer at AM Data Service. "Just remember, when you change your toothbrush, it’s time to change your passwords."
Start by making your passwords unique and unpredictable using the password tips below.
1. Avoid predictable password formulas.
Don't use an individual word, name or date in your password. Use a mix of character types and make your passwords as long as possible. A good way to avoid using words is to use an acronym. It's secure because it can't be breached by a dictionary attack and it's easy to remember.
Another option: A passphrase or sentence you can remember easily. Watch this video to learn why you should do this and how you can choose a secure phrase or sentence you can remember.
2. Use a unique password for each site.
If a security breach happens, the damage would be limited to the website associated with the leaked password.
3. Use a password manager for truly random passwords.
The only truly secure password is the one you can’t remember. Password managers are the only way to accomplish this.
4. Use multi-factor authentication (MFA).
MFA is one of the best ways to hack-proof your accounts because others can’t access them even if they know your passwords. We recommend Duo Security to our clients. Our 20+ employees also use Duo. Duo offers several plans, including a free option. For more information, go to https://duo.com/.
See the U.S. National Cybersecurity Awareness Month’s how-to guide for multi-factor authentication.
"Without multi-factor authentication, passwords may be the only line of defense between your data and the outside world," Gethicker said.
5. Say no to Post-its.
Do not stick a Post-it note to your computer, phone, mouse pad or keyboard that contains your passwords. This occurs more often than you'd think. If you write down your passwords anywhere, make sure they are locked up so they can't be found on your desk.
Password best practices
- Change passwords every 90-120 days
- Do not reuse old passwords
- Complexity requirements:
  - Don't use any part of your first, middle or last name/initials
  - Use at least one uppercase letter, lowercase letter, number AND symbol
  - Use at least 10 characters
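For administrators who want to enforce the complexity and no-reuse rules above at password-change time, here is an added example (not AM Data Service's code). The function names, the sample user, the 3-letter cutoff for name parts and the choice of salted PBKDF2 for the password history are assumptions made for this sketch; the 90-120 day rotation rule is not covered.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 10  # "Use at least 10 characters"

def _digest(password, salt):
    # Assumption: old passwords are kept only as salted PBKDF2 hashes.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(password):
    """Return a (salt, digest) history entry for a password being retired."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def policy_violations(password, names, history=()):
    """List every rule the candidate breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    classes = {
        "uppercase letter": str.isupper,
        "lowercase letter": str.islower,
        "number": str.isdigit,
        "symbol": lambda c: c in string.punctuation,
    }
    for label, test in classes.items():
        if not any(test(c) for c in password):
            problems.append("missing " + label)
    # Name rule: compare case-insensitively against each name part and the
    # initials. Assumption: parts under 3 letters are skipped, because a
    # one- or two-letter part would match almost any password.
    parts = [n.lower() for n in names if n]
    banned = [p for p in parts if len(p) >= 3]
    initials = "".join(p[0] for p in parts)
    if len(initials) >= 2:
        banned.append(initials)
    if any(b in password.lower() for b in banned):
        problems.append("contains part of the user's name or initials")
    # Reuse rule: re-hash the candidate with each stored salt and compare.
    if any(hmac.compare_digest(_digest(password, s), d) for s, d in history):
        problems.append("reuses an old password")
    return problems

if __name__ == "__main__":
    user = ("Jordan", "Quinn", "Pruett")  # constructed sample user
    for candidate in ("password", "Jordan2020!", "Tr4il!Mix-Wknd"):
        print(candidate, "->", policy_violations(candidate, user) or "OK")
```

Passing this check does not make a password unique across sites or unpredictable; it only confirms the minimum rules listed above.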
These are just some of the basics you can follow as the first step in your journey to securing your data. Don’t let the increasing number of security threats prevent your organization from thriving.
There's no guarantee these password tips and techniques will prevent a cybercriminal from learning your password, but they will make it more challenging.
We invite you to contact AM Data Service for a corporate password policy review. We can also provide related resources and recommend a password manager that’s right for you. Call us at (734) 744-5300 or email us at firstname.lastname@example.org.