Strict password hygiene is a major tool in your organization’s defense against cybercriminals. While most users have moved beyond “12345” and “password,” 41% of users admit to using a pet’s name – information likely found through social media. Additionally, 64% of passwords are reused to keep up with the growing volume of accounts we as users have to manage – another critical problem for your business!
Weak passwords exist because they are easier to remember. Strong passwords should be complex, random, unique for each account, and at least 12 varied characters long. Obviously, that is not something easy to commit to memory! So how do you train users and ensure they’re creating strong passwords?
What End Users Can Do
Let’s start with the basics. Here are important password practices to share with employees to teach and inspire better password habits.
1. Don’t reuse passwords.
If hackers access one account, they could gain access to other accounts that reuse that password.
2. Don’t leave passwords unsecured.
No post-it notes, notebooks, or unencrypted text files.
3. Don’t share.
Keep your accounts and your passwords safe by keeping them to yourself. Never give coworkers access. Every employee should have unique login credentials.
4. Make long, complex passwords.
A 7-character complex password can be hacked in roughly 31 seconds. Compare that to a 12-character version that uses upper and lower case letters, numbers, and symbols – it would take 3000 years!
5. Change breached passwords.
The only thing worse than using a weak password is continuing to use one that has been breached! In 2021, 70% of users still reused compromised passwords found in breaches from the previous year.
6. Use a password manager.
If your company offers one, learn how to use it. You only need to remember one password since the password manager will create and store them for all your accounts.
7. Change passwords at least annually.
The more vulnerable an account or site is, the more frequently your password should be changed, but at a minimum, change all your passwords annually.
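The length, complexity, pet-name and breached-password rules from the list above can be checked automatically when a user sets a password. The following is an added example, not part of the original article or any vendor product; the function names, the personal-terms list and the one-entry breach list are constructed assumptions for illustration.

```python
import hashlib
import string

MIN_LENGTH = 12  # minimum length recommended in the article


def sha1_hex(password):
    """SHA-1 hex digest, the usual lookup key for breach-corpus comparison."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Constructed sample data standing in for a real breach corpus (assumption).
SAMPLE_BREACHED = frozenset({sha1_hex("Password123!")})


def audit_password(candidate, personal_terms=(), breached_sha1=SAMPLE_BREACHED):
    """Return the list of rules the candidate breaks; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    # Rule 4: upper and lower case letters, numbers, and symbols.
    classes = {
        "lowercase letter": any(c.islower() for c in candidate),
        "uppercase letter": any(c.isupper() for c in candidate),
        "number": any(c.isdigit() for c in candidate),
        "symbol": any(c in string.punctuation for c in candidate),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    # Pet names and similar facts that can be found on social media.
    lowered = candidate.lower()
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal term '{term}'")
    # Rule 5: never keep a password that appears in a breach.
    if sha1_hex(candidate) in breached_sha1:
        problems.append("found in breach list")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords; "Rex" plays the role of a pet's name.
    for pw in ("Rex2019", "Password123!", "t7#Vq9!mZr2&Lp"):
        print(pw, "->", audit_password(pw, personal_terms=["Rex"]) or "OK")
```

Note that "Password123!" satisfies the length and character-class rules and is rejected only by the breach lookup, which is why complexity checks alone are not enough.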
What Your Organization Can Do
When you consider that more than 40% of all breaches involve stolen credentials, managing passwords for your organization should be a vital part of your security strategy.
1. Use an Identity Access Management (IAM) solution.
An IAM solution grants the right users the proper access to your organization’s applications, systems, and data. Once you have policies and procedures, adding and deleting access based on roles and responsibilities becomes efficient and quick.
2. Implement Multifactor Authentication (MFA).
Multifactor authentication (MFA) is one of the best security measures to protect against attacks. It forces potential hackers to bypass multiple authentication measures before gaining access to an account. Get it done if you’re among the 50% of companies that still haven’t implemented it.
By adding a second verification step, you can stop attackers before they access credentials, increasing the chances of stopping an attack before it starts. But because passwords are the main factor in MFA, authentication will be strongest when you also protect your passwords with a credential management solution.
3. Offer and require a password manager.
Passwords generated with a password manager are fundamentally impossible to crack and take things like a pet’s name out of the equation! A password manager gives you more control over password quality, reduces the need for password resets, and alleviates the issue of reused, shared, or stolen passwords. Use a password manager wherever you can. It’ll allow users to create completely random passwords without having to create or re-type them.
An Offer Worth Considering
WatchGuard recently introduced AuthPoint Total Identity Security. It contains everything you need for a complete MFA solution available as one package. Total Identity Security includes the AuthPoint MFA solution, Corporate Manager, and Dark Web Monitoring services so that you can enforce a strong password policy with the best user experience.
With WatchGuard’s Corporate Password Manager, users can retrieve their corporate, personal, and shared vault passwords using the AuthPoint app and/or browser extension when they need to access their apps or systems. This allows organizations to add non-SAML Cloud applications to the Web SSO Portal for more robust authentication and a smooth SSO experience.
Want to learn more about your MFA and IT Security options?
Talk to your CCB Account Manager. CCB offers security choices that allow you to choose the right solutions for your needs. We’ll help you get secure and stay secure.