When it comes to information, there isn’t a lot that’s more valuable than a password.
You might think of bank details, email addresses or trade secrets. But think about where that’s usually kept. Inside a user account, in a secure folder, on your CRM etc. In this blog we’re going to look at how to make your passwords more secure.
The right password enables access to an email account, which in turn can reset all other passwords. Or worse, that same password is used everywhere because it’s easy to remember, and one slip has breached multiple accounts.
Given that phishing emails rank as the top cyber threats, it’s increasingly common for someone to unsuspectingly give out their password. Cyber criminals are pros at cracking passwords, but if they can write an email to get access, they’re going to. Your staff aren’t cyber security experts, they need a password they can enter quickly and remember easily.
Password protection can’t just be removed. It’s still a fantastic way to secure your systems. So how do you make your passwords more secure?
Three things:
- Password complexity.
- Password policies.
- Password managers.
Let’s explore these in more detail.
Password Complexity
It should come as no surprise that more complex passwords are harder to crack. The more letters, numbers, and special characters there are, the more secure your password. But making passwords more complex also makes them harder to remember.
But the industry standard has changed, and now the recommended password structure is easier to remember, and much harder to crack. Passphrases are the new best practice, possibly increasing the time to crack to millions of years.
This passphrase should be made of 3 words, separated by special characters. It can even be a phrase familiar to you. For example “Blog-Password-Complexity” would take centuries to crack. Whereas “Complexity123!” Would take just hours.
To make sure your password/passphrases are properly supported, your company needs a solid password policy.
Password Policies
A password policy is, quite simply, a policy to establish a standard for the creation, protection and management of passwords.
The key things to include are rules on complexity, which we’ve discussed above, and management.
Management of passwords includes guidance on storing them, renewing them, end user training and automatic lockouts.
Typically, employees are asked to renew their password frequently. The thinking is that this makes the password harder to guess, or to deny long term unauthorised access. In reality it encourages poor practice, users tend to re-use the current password with very minor changes.
Instead, the recommended policy is to have a much more secure passphrase that expires much less often, typically, every 180 days (6 months).
It’s also recommended to monitor log in attempts. This will help you provide end user training to individuals who regularly struggle, and implement auto lock-outs for inactive users or failed log in attempts.
If it sounds like a lot for your employees to remember, don’t worry, that’s where our next tool comes in.
Password Managers
A password manager is a software application or service that will securely create, store and manage passwords. It helps you generate strong, unique passwords for each of your accounts and provides a convenient way to access and use those passwords across multiple devices and platforms without having to try and remember them.
Here’s how a password manager typically works:
- Password Storage: A password manager securely stores all your passwords in an encrypted database. This database is protected by a master password or passphrase, which only you know.
- Password Generation: Password managers often include a password generator tool that can create strong, random passwords for you. These passwords are typically long, complex, and difficult to guess, which improves the security of your accounts.
- Cross-Platform Syncing: Many password managers offer cross-platform syncing, which means your passwords are available across all your devices, including computers, smartphones, and tablets. Changes made on one device are automatically synced to all your other devices.
- Security Features: Password managers often include additional security features such as Multi Factor Authentication (MFA), biometric authentication (e.g., fingerprint or face recognition), and secure password sharing with trusted contacts.
By using a password manager, you can significantly improve your online security by:
- Using strong, unique passwords for each of your accounts, reducing the risk of a single password compromise leading to multiple account breaches.
- Protecting your passwords with encryption and a strong master password, making it difficult for attackers to access your sensitive information.
- Streamlining the login process and reducing the temptation to use easy-to-guess passwords or reuse passwords across multiple accounts.
Summary
As specialists in the alternative investment sector, we would highly recommend using all three of these systems to make your passwords more secure, building the best defence for your business and your clients. It’s an industry that’s very attractive to cyber criminals and one where the trust of your client is paramount. That said, if you can add just one of these processes to your security arsenal, you’re immediately reducing your vulnerability.
To find out which products we can recommend, and to get our help implementing them, reach out today.
