Believe it or not, we still routinely talk to people who think their digital security is “done” because they installed a free anti-virus program on their computer a while back. Protecting your business from a cyber attack is a much more complicated task than you might realize, which is why we produced this guide called The 15 Ways To Protect Your Business From a Cyber Attack. Having all these different ways to protect your business is called a “layered approach” to security. In this article, we’ll be discussing layer #1 – password management.
As you might imagine, there is a lot to consider as it relates to password management, but it is pretty straightforward. Here’s the outline of what password management covers.
- Use complex passwords or passphrases
- Use unique passwords or passphrases
- Critical accounts deserve better passwords
- Change your passwords
- Use a password manager
Let’s jump into the details!
As mentioned in the 15 Ways to Protect Your Business From Cyber Attack article, the first step in password management is to create strong passwords or passphrases.
Here are some points for creating strong passwords, or passphrases:
- Use a blend of upper and lowercase letters, numbers, symbols, and spaces.
- Make your secret word at least 12 characters long, but the longer the better!
- Avoid using dictionary words or everyday phrases. But, you can take everyday dictionary words and give them a twist. If you really like the word “password” for your passwords, then give it a little upgrade. For example, “Pa$$ w0rD $$” could be a way to mix it up a little bit. That is a 12-character password that uses upper and lowercase letters, numbers, and special characters.
Did you know that hackers have special software to crack passwords?
If you use passwords with all lowercase letters that are only 8 letters or shorter, the password-cracking software can figure out your password nearly instantly.
If you use a 12-character password that has a combination of upper and lowercase letters, numbers, and symbols, it would take 3,000 years to crack the password.
Check out this chart produced by Hivesystems.io to get a sense of how using complex passphrases is an absolute must!
For every website or app that you have an account with, you should have a unique or different password for that account.
This means that you should not use the same password for your Netflix account and your banking website account.
This isn’t just a weird rule a crazy IT guy came up with to ruin your life and make you miserable. There is a good reason for this, and it is quite simple.
It is very common for a large site, like Target, to get hacked. When this happens, huge numbers of usernames and passwords get leaked. Now the bad guys know your password and the email address associated with your Target account.
From there, the bad guys can try that same username and password on all the banking websites, Gmail, Microsoft, Amazon, all the retirement management and stock management sites, and so on.
If you used the same password on your banking website as your Target account, then you’re in trouble.
The bottom line: use different passwords everywhere.
Critical Accounts Deserve Better Passwords
A password with 12 or more characters that include lower and uppercase letters, numbers, and symbols is obviously a very strong password. When it comes to your more critical or sensitive accounts, you should do better than that though. Consider at least 16 or even 20+ characters.
Your most critical accounts include things like your Windows login on your computer, your QuickBooks account, your retirement account, your banking account, your company financial institutions, your company CRM, your email accounts, and any other account that has sensitive information. Accounts like these are gold mines for hackers, so do everything you can to protect them well.
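The length, character-mix, uniqueness and critical-account rules above can be checked together in a small audit script. This is an added example, not AZCOMP's code; the function names, the (account, password, is_critical) layout and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

MIN_LEN = 12            # the article's minimum length
CRITICAL_MIN_LEN = 16   # the article's minimum for critical accounts
ALL_CLASSES = {"lower", "upper", "digit", "symbol"}

def char_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")   # spaces and punctuation
    return classes

def audit(entries):
    """entries: list of (account, password, is_critical). Returns {account: [findings]}."""
    findings = defaultdict(list)
    seen = defaultdict(list)   # in-memory digest -> accounts sharing that password
    for account, password, critical in entries:
        required = CRITICAL_MIN_LEN if critical else MIN_LEN
        if len(password) < required:
            findings[account].append(f"shorter than {required} characters")
        missing = ALL_CLASSES - char_classes(password)
        if missing:
            findings[account].append("missing: " + ", ".join(sorted(missing)))
        # Group by digest so the report never carries plaintext passwords.
        seen[hashlib.sha256(password.encode("utf-8")).hexdigest()].append(account)
    for accounts in seen.values():
        if len(accounts) > 1:
            for account in accounts:
                others = [a for a in accounts if a != account]
                findings[account].append("reused on: " + ", ".join(others))
    return dict(findings)

# Constructed sample data, not real credentials.
SAMPLE = [
    ("netflix", "sunshine", False),
    ("bank", "sunshine", True),
    ("email", "Tr4il! Mix 9 lanterns & rope", True),
    ("forum", "Gr33n-Kettle#42", False),
]

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(account, "->", "; ".join(problems))
```

Accounts with no findings are left out of the result, so an empty dictionary means every entry meets the rules.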
Finally, regularly change your passwords to ensure that they remain secure. As a rule of thumb, change your passwords every three to six months. This can help prevent hackers from guessing or cracking your password and protect you if your password is somehow compromised.
Use Password Management
If you use a unique and complex password for every account that you have, and if you change that password routinely, I’m pretty sure that nobody has a good enough memory to remember all those passwords.
Don’t write your passwords down on a sheet of paper. Don’t store all your passwords on a spreadsheet on your computer or your phone. Instead, use a professional password manager.
Before I started using a password manager, I tried so hard to not write them down somewhere, and I tried to not enter them into a spreadsheet. I knew that both of those things were a bad idea, but I didn’t know what else to do. Remembering passwords was one of the biggest frustrations in my life.
Now that I use a password manager, passwords are only slightly annoying to me. It’s the safest and most convenient way to store all the passwords to all your accounts.
Feel free to do your own research on which password management tool to use. There are a lot of articles that have been written giving full reviews of all the most popular management tools. The password manager we recommend to our clients is called Keeper.
About AZCOMP Technologies
AZCOMP Technologies opened its doors in 2000 and has been providing managed IT services to companies across industries in Phoenix. Most of our time is spent working on our clients’ computers and networks to prevent unexpected interruptions. Our task is to ensure establishments do business with peace of mind. We’re partners to your success!