Today, security should be a concern for every business regardless of size. Verizon’s Annual Data Breach and Security Report found that 81% of hacking-related data breaches involved passwords that were either stolen or weak and easily compromised. Password protection should be at the top of every IT security team’s list.
Here are a few best practices that can help strengthen your defenses against common password threats.
Use Long “Passphrases”
Combining letters, numbers, and symbols to create passwords was an accepted safe practice for years. Today, hackers use available tools that can easily crack simple passwords that substitute numbers for letters, like H3LL0 (hello). The US National Institute of Standards and Technology (NIST) recommends creating long “passphrases” of up to 64 characters that are easy to remember but difficult to crack; for example, “horse boot butter board.” NIST found that it took only 3 days to crack a password that substitutes numbers or characters, while a passphrase like the example would take 550 years to crack!
Create a “Blacklist”
Hackers tend to begin attacks by running through a database of popular passwords, dictionary words or previously cracked passwords. NIST encourages businesses to use the same lists to create a “blacklist.” By comparing your team’s passwords to the list, you can help prevent employees from using weak, easily cracked passwords.
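The comparison described above can be run whenever a password is chosen or changed. The sketch below is an added example, not part of the original article; it also catches the number-for-letter substitutions mentioned earlier (H3LL0). The sample entries, substitution map and function names are assumptions made for illustration.

```python
import unicodedata

# Constructed sample entries; a real list would hold popular passwords,
# dictionary words and previously cracked passwords, as described above.
SAMPLE_ENTRIES = ["hello", "Password", "letmein", "qwerty", "welcome"]

# Assumed substitution map: characters commonly swapped in for letters.
LEET = str.maketrans("013457@$!", "oleastasi")

# Digits and symbols often padded onto the start or end of a weak password.
AFFIX = "0123456789!@#$%^&*()-_=+.?"


def fold(text):
    """Unicode-normalize and case-fold so 'HELLO' and 'hello' compare equal."""
    return unicodedata.normalize("NFKC", text).casefold()


def build_blocklist(entries):
    """Normalize list entries once, skipping blank lines."""
    return {fold(e) for e in entries if e.strip()}


def variants(password):
    """Forms of the candidate to test: as typed, with padding trimmed,
    and each of those with substitutions undone."""
    folded = fold(password)
    trimmed = folded.strip(AFFIX)
    return {folded, trimmed, folded.translate(LEET), trimmed.translate(LEET)}


def blocklist_match(password, blocklist):
    """Return the blocklist entry the candidate reduces to, or None."""
    hits = variants(password) & blocklist
    return min(hits) if hits else None


if __name__ == "__main__":
    blocklist = build_blocklist(SAMPLE_ENTRIES)
    for candidate in ["H3LL0", "hello123!", "P@ssw0rd1",
                      "horse boot butter board"]:
        hit = blocklist_match(candidate, blocklist)
        verdict = f"reject (matches {hit!r})" if hit else "accept"
        print(f"{candidate!r}: {verdict}")
```

Only whole-password matches are rejected, so a passphrase built from several ordinary words still passes.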
Use Advanced Authentication Methods
While passwords are still the predominant type of authentication, new technology emphasizes non-password-based methods. Users can be identified by biometric indicators like facial recognition, voice, iris, fingerprint or touch.
Apply Password Encryption
Encryption keeps your data safe even if it’s compromised by a cybercriminal. The most common forms, reversible or one-way encryption, are ineffective. A hacker who obtains a password database can easily crack the passwords it contains. The best practice is end-to-end encryption that is non-reversible. This will protect passwords any time they are in transit over your network.
Weak passwords are like locking the front door but leaving a key on the porch table. Talk to your team and encourage them to adopt these procedures. With these best practices, you can create an effective password policy that will add another layer of protection to your network. Give us a call to learn more.