How to strengthen your business’s password policy

How to strengthen your business’s password policy

Even though it might seem like an insignificant consideration, maintaining a strong company password policy is crucial for every organization -- from government offices to small- and medium-sized businesses.

To many people, passwords feel like an annoyance. They feel inconvenienced when they are asked to update their login credentials and pick something easy to remember. Unfortunately, that mindset puts your business data at serious risk.

Why are password policies so important?
Ironclad user authentication is one of the many things that stands between your business and a malicious data breach brought about by cybercriminals. Without a basic understanding of how to create robust login credentials, the best hardware and software in the world won’t do a thing to protect you from a negligent employee.

As a business owner, it’s your responsibility to prioritize the creation of a password policy that guarantees the highest degree of security for your network protocols. But don’t worry, there are several quick and easy steps you can take to force employees to do their part in protecting the company.

Update your password requirements
Over the years, numerous studies have analyzed lists of passwords, and most have come to the same conclusion: The average person will reuse the simplest, easily-guessed passwords. In fact, according to this list of the most common passwords, 91% of all users sampled used a password from the list of the 1,000 most common passwords. That may sound like a long list, but hackers can use “brute force” attacks to try tens of thousands of passwords per minute.

Obviously, the answer is mandating more complex passwords and forcing users to regularly update them. To beat the best password-cracking algorithms on the market, users need to use a combination of lower and upper case letters, numbers, punctuation marks, and other special characters.

Hands holding white smart phone with security on the screen

Reasonable “lock-out” rules
Even incredibly complex passwords have limited effects on brute force attacks. The most obvious way to thwart such a threat is by setting accounts to lock after a certain number of failed log-in attempts. Consider factors such as the sensitivity of the account, how likely authorized users are to enter the wrong password, and how much goes into helping locked out users.

For example, some companies find that ten attempts is an appropriate cut-off for most accounts, while others might find that woefully lenient. It all comes down to how much of a target your business is, which is yet another reason to sign up for a free IT consultation.

Enforce regular password updates
Many security experts recommend updating passwords on a regular basis. The Complete Technology team only recommends this strategy if you are 100% sure that employees aren’t falling back on old, non-compliant passwords as they find it harder and harder to keep up. Although monthly updates sound great in theory, three- and six-month cycles are more reasonable..

Install multi-factor authentication
As a more recent advancement in the field of user authentication, software that requires a secondary identifier is another great way to beef up security. In simpler terms, multifactor authentication requires your users to provide a password and another form of identification.

The most recognizable example of this is a bank card. The password is your PIN, but it means nothing unless you have the card to go with it. Requiring multiple identifiers makes it much harder for employee accounts to be compromised.

There’s one thing that hackers have an ample amount of...patience. It’s only a matter of time until they successfully crack weak passwords that allow them to steal, destroy or share your business’s most vital data. If you have any questions or are interested in setting up a password policy for your business, contact Complete Technology today!

FREE eBook: The SMB's Guide to Cyber SecurityLearn More Here
+ +