We mentioned in our previous blog article about the impact of remote work on cybersecurity that password practices are even more important than they were before, since your teams are on remote networks that often have a range of cybersecurity measures in place that may differ from home office to home office.
Here are some password best practices you can use and teach to your coworkers and employees.
Start with the Obvious: Choose Strong Passwords
We know, it’s not fun to change your passwords often or to come up with a new word or phrase, complete with letters, numbers, and other characters – but it is necessary. Many people are still using things like “password” and “123” or their address, date of birth, and pet names in their frequently used passwords.
Essentially, if you are telling friends, coworkers, or strangers any information that could be found in your password, it needs to be kept out of your passwords.
It’s easy to get in the habit of using one password for everything but remember: if you put all those cybersecurity eggs in one basket, you’ve just conveniently handed over your entire life should anyone choose to steal your credentials, both personally and professionally.
If you are trying to help educate your employees on the best password etiquette, it may be helpful to create a list of unacceptable words or phrases that are commonly used so they aren’t tempted to create monstrosities like “Password321” and “QWERTY.”
Periodic Password Resets Aren’t Necessary
We mentioned changing passwords often – this is actually not necessary! According to CNet, if you don’t suspect a breach has taken place and your accounts are not experiencing suspicious activity, you don’t have to change your password every 60 or 90 days. That’s even more reason to choose a strong, uncommon password from the get-go!
Use 2FA – And Do It Right
While two-factor authentication can feel like a big annoyance, it’s one of the best ways to keep your files and devices safe. But we have some amendments to this password best practice.
When you enable 2FA, make sure you don’t have it set up to send that authentication code to your mobile device. It’s very convenient to do it this way, and a hacker thinks so too. When you use your phone, for example, for 2FA, it’s like trying to keep your car from getting stolen by hiding your car keys under the passenger mat instead of leaving them in the ignition.
Evaluate What You Put Online
While it’s important not to include things like important dates or family member names in your passwords, another way to keep things protected is not to post that information as freely online. If you must display certain information, try to keep it incomplete – for example, only post the month and day of your birthdate if you can’t remove it entirely.
Sometimes, password best practices include not using a password at all but creating a passphrase instead. The longer and more complex your password is, the better.
Password Storage Best Practices
When it comes to password management and storage, you typically have a choice between online storage and local storage. It’s important to understand that both options are valid – your passwords are going to be protected as well as your choice of system is protected.
While it may seem counterintuitive, for password storage services, free options are often just as good as paid options. But you want to be sure you are using a system that encrypts your passwords, not one that leaves them as plain text.
Another password best practice is to remember that browsers are often attacked in an attempt to gain sensitive data, so browser extensions, like Google’s auto-fill options, are very handy but can also leave your passwords vulnerable.
Upgrade Your Cybersecurity Program
Password protection is one important piece in a much bigger cybersecurity system that includes software and education on best practices.