5 Ways to Better Password Protection

With so many social media websites and apps on the rise, the average person can have a hard time coming up with multiple passwords that are both strong and unique, as that can be a lot of work. Password protection is the first step to a secure cyberspace, which is why security experts tell employees and HR managers never to use the same password twice as the first step to better password protection.

Here are 5 ways to better protect the passwords of both your employees and your company:

1. Make Your Passwords Long and Complicated


Simple passwords such as dates of birth and easy catchphrases are both easy to remember and easy to hack. The ideal password should be long and made up of random upper and lower case letters, as well as numbers and symbols. But since long and complicated passwords can be hard to remember, employees often fall into the trap of jotting down their passwords in a notebook or a spreadsheet, which could prove to be a fatal trap.


One way to remember long, complicated passwords easily is by creating a long password out of an easy-to-remember phrase. For example, “the cow jumped over the moon” can be rephrased to “Th3 c0W Jump3d Ov3r Th3 m00N”. 

In addition to storing long and complicated passwords improperly, employees often recycle passwords for multiple accounts. Recycling is often encouraged when it comes to paper, metal, and plastic materials, but not when it comes to passwords. It’s imperative to mix up your passwords because when a breach occurs, hackers will be able to store and use your passwords to access multiple accounts that belong to you (e.g. bank accounts, work emails).

2. Don’t Include Personal Details 

Thanks to social media and the desire to make our lives more public, it’s easier for hackers to guess passwords made out of personal details. Details such as the names of pets and children, as well as dates of birth, can be obtained easily online. Hackers are known for routinely checking Facebook and Twitter for clues to passwords.

As an enterprise, you can take steps to counteract bad passwords. One way to do this is by creating a list of banned passwords that your employees are forbidden from using. Some commonly used (and easily guessed) passwords include:

  • password 
  • 123456789
  • princess
  • welcome
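
One way an enterprise could enforce the banned list and the personal-details rule at password-change time, shown as an added example that is not part of the original article. The minimum length, the look-alike character map and the sample personal details are assumptions; the check undoes common character swaps so that a banned word with digits or symbols substituted in is still rejected.

```python
import re

# The four banned examples listed in the article.
BANNED = {"password", "123456789", "princess", "welcome"}

# Assumed look-alike map: common digit/symbol swaps back to letters.
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12            # assumed policy value, not from the article
PADDING = "0123456789!@#$%^&*?._-"   # characters often tacked on the ends


def normalize(text):
    """Lower-case, undo look-alike swaps, drop anything not a-z or 0-9."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LOOKALIKES))


def check_password(candidate, personal_details=()):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")

    # Compare both the whole password and its core (padding stripped),
    # normalizing the banned entries the same way so digits-only entries match.
    banned = {normalize(b) for b in BANNED}
    whole = normalize(candidate)
    core = normalize(candidate.strip(PADDING))
    if whole in banned or core in banned:
        problems.append("banned password")

    # Personal details (pet names, birthdays) must not appear anywhere inside.
    for detail in personal_details:
        d = normalize(detail)
        if len(d) >= 3 and d in whole:
            problems.append("contains personal detail")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["P@ssw0rd123", "W3lc0me!", "Th3 c0W Jump3d Ov3r Th3 m00N"]:
        print(repr(pw), check_password(pw))
    print(check_password("R3x-the-dog-2015!!", personal_details=("Rex",)))
```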

3. 2FA Authentication (Two Factor Authentication) 

Also known as multi-factor authentication, two-factor authentication is a secure method that adds an additional layer of protection. It is more secure simply because it makes it harder for hackers to gain access to a person’s account and/or device.

Here’s How the Two-Factor Authentication Works

You will need to provide multiple ways of authenticating before being given access to your account (e.g. email, social media account). This can be done in five different ways:

    • Knowledge Factor: Authenticating using something the user knows. This can come in the form of a password, PIN, or some other type of shared secret.
    • Possession Factor: Authenticating through a device such as an ID card, a security token, or a mobile device.
    • Biometric Factor: Authenticating using physical attributes the user has. This can include physical characteristics such as fingerprints or voice.
    • Location Factor: Authenticating using the user’s location. This information can be tracked using your IP address.
    • Time Factor: Authenticating using a specific time window.

4. Remove Passwords


The first step to password protection? Eliminating passwords for your enterprise. Of course, you’ll need the help of an IT consultant for this. Alternatively, if you’re an IT-savvy HR executive, you’ll be able to go passwordless.

Microsoft has a very good article on how you can eliminate passwords altogether. Some of the steps taken to eliminate passwords include using 2FA Authentication (see above), updating hardware to include biometric reader capabilities and, finally, eliminating the use of legacy authentication.

5. Consider Password Protective Programs or Vendors 

Sometimes, it’s best to leave the protection to the pros. These programs are sometimes referred to as password managers: software applications used to store and manage the passwords a user has for multiple accounts.

Learning to use a password manager is simple. With a password manager, all you need to do is provide a “master password” instead of memorizing the different passwords needed to log into multiple websites. Additionally, your password manager will help you by automatically filling in data such as email addresses and usernames needed to log into different accounts.

To reiterate something we’ve all learned in school, prevention is better than protection. One method used by hackers to obtain passwords from unsuspecting employees is called phishing. Coincidentally, this is also one of the easiest forms of cyber attacks for criminals to carry out.

Outsource your cyber security headache to trained tech recruiters with Cyberstein. At Cyberstein, we offer the best manpower available to act as your first line of defense. Find out more about Cyberstein’s services here. Or contact Victor at ([email protected]) for more information on how outsourcing and recruiting temporary cybersecurity talent is a great option to consider when it comes to protecting your company, its resources, and reputation online.

Stay informed: follow A Very Normal Company on LinkedIn for more news and updates on Cyber Security outsourcing and recruitment in Singapore.