Top 5 Password Security Practices Your Employees Don’t Do

Weak password security has long been a leading cause of successful cyber breaches. Most employees do not take password security seriously, or appreciate the increased likelihood of compromised data that this brings with it.

Here are the top five password security rules that every employee should follow.

 

  1. Make your passwords strong

Employees tend to make passwords using simple dictionary words, number sequences (e.g., their birthdays), or even keyboard sequences (e.g., qwerty1234). Imagine how many users around the world do this and how easily they can be targeted.

For instance, all it may take for a work portal to be compromised is a malicious actor pulling data from an employee’s social media account. They enter the employee’s birthdate – maybe their pet’s name as well – and you’re breached.

Instead, use strong passwords with a minimum of twelve characters consisting of random strings of letters, numerals, and special characters. Change them every 90 days.
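As an added example (not part of the original article), the Python sketch below checks a password against the rule above: length, character mix, dictionary words, and keyboard or number sequences. It also generates a compliant random password. The word list, keyboard rows, and four-character run threshold are constructed assumptions for illustration.

```python
import secrets
import string

MIN_LENGTH = 12  # minimum length recommended in the article
# Constructed sample lists; a real check would use a much larger wordlist.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def has_run(password, min_run=4):
    """True if the password contains min_run consecutive characters taken
    from a keyboard row or the alphabet, forwards or backwards."""
    lowered = password.lower()
    sources = KEYBOARD_ROWS + (string.ascii_lowercase,)
    for src in sources:
        for seq in (src, src[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in lowered:
                    return True
    return False


def weaknesses(password):
    """Return a list of reasons the password breaks the article's rule."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append("shorter than 12 characters")
    classes = (string.ascii_letters, string.digits, string.punctuation)
    if not all(any(c in cls for c in password) for cls in classes):
        found.append("missing letters, numerals, or special characters")
    if any(word in password.lower() for word in COMMON_WORDS):
        found.append("contains a dictionary word")
    if has_run(password):
        found.append("contains a keyboard or number sequence")
    return found


def generate(length=16):
    """Draw random characters from the OS CSPRNG until no weakness remains."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("qwerty1234", "Password2024!", generate()):
        print(repr(sample), weaknesses(sample) or "ok")
```

The check does not detect personal details such as birthdates or pet names; those depend on information about the individual user.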

 

  2. Encrypt your passwords to store them securely

Don’t assume that your passwords are safe because they are written in a document saved on your desktop, phone, or the cloud, or even physically written down. If an attacker can breach any of these, all your personal and work-related data is at serious risk.

Consider investing in a password manager. These use multiple forms of encryption to ensure passwords are difficult to crack, and you only need to remember one password to access all of them.

 

  3. Use unique passwords for every account

Never recycle your passwords, especially for sensitive accounts such as your bank or government sites (e.g., myGov). Reusing your passwords greatly increases the risk of multiple breaches. You don’t want to have to deal with that. Cyber security revolves around reducing risk.

Get in the habit of using a different strong password for each account. As mentioned, a password manager will save you time doing this.

 

  4. Only share passwords securely, with full end-to-end encryption

Typically, you won’t want to share a password via text message or email, as these are unencrypted (your work email may be an exception). These messages can be easily intercepted by a malicious actor.

Use free email services like ProtonMail, which provide end-to-end encryption, or LastPass, which allows you to share your passwords in encrypted form.

 

  5. Enable Multi-Factor Authentication (MFA)

If you have weak passwords (which you shouldn’t), MFA will likely save your bacon one day. MFA sends a mandatory authentication code via text message or an application-based service, which must be entered to permit access.

Everyone should make MFA a regular part of their password security habits. However, avoid using text message authentication, because text messages are unencrypted and vulnerable. Use an application such as Microsoft Authenticator or Google Authenticator.