Defeat Hackers with Strong Passwords!
Cybersecurity encompasses your network, computers, staff training, email protection, and more. These tools protect critical data and information from cybercriminals. Hackers, scammers, and other criminals are constantly developing new and ingenious tools to attack security systems and bypass existing defenses. Even if your technology is perfectly secure against attacks, there’s one guaranteed way for cybercriminals to succeed: weak passwords and password policies.
If you’re trying to protect your home, you might have a security system with alarms and cameras. These are like firewalls, email protection, and network monitoring: they warn you when intruders attempt to gain illicit access. If, however, you give someone a key to your house and the code to your alarm system, they’ll have an easy time getting in. This is exactly how password security works.
Weak or common passwords open the door for cybercriminals to access your secure data and information. Follow these techniques to help secure your accounts, strengthen your passwords, and protect your business from cyberattacks:
The first thing to consider with password security has little to do with passwords themselves. After all, it doesn’t matter how secure the password might be if you hand it directly to a cybercriminal. Passwords should never be written down on physical media like sticky notes and notebooks. It is incredibly easy for someone to see passwords displayed like this.
A clever cybercriminal could pose as a patient or customer, potential vendor, or even a business partner coming into your physical business. If there are passwords littered around the office, these cybercriminals may leave with much more than a business card.
Character Types and Length
The first technique for securing passwords themselves is something almost everyone has heard before: increase length and complexity. There are two general requirements for passwords:
- Minimum length of eight characters
- At least three of the following character types: uppercase, lowercase, special, and numerical
While these are a fine start for passwords, remember that they are minimums. Each character added to a password makes it exponentially more difficult to guess when multiple character types are in use.
If a cybercriminal tries to brute-force your account, he has to try every letter (upper and lower case), number, and special character in each position of your password. As you can imagine, adding even one character can dramatically increase the difficulty of guessing a password. The modern expectation for a password is currently 12-15 characters.
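The two minimums above and the effect of length on a brute-force search, as an added example (not code from the original article). The character-class sizes assume printable ASCII, and all function names and sample passwords other than the article's own passphrase are constructed for illustration.

```python
import math
import string

# Character classes named in the policy above, with printable-ASCII sizes (assumed).
CLASSES = {
    "lowercase": string.ascii_lowercase,   # 26 symbols
    "uppercase": string.ascii_uppercase,   # 26 symbols
    "numerical": string.digits,            # 10 symbols
    "special": string.punctuation,         # 32 symbols
}
MIN_LENGTH = 8    # "Minimum length of eight characters"
MIN_CLASSES = 3   # "At least three of the following character types"


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def meets_minimum(password):
    """Check the two minimum requirements listed above."""
    return len(password) >= MIN_LENGTH and len(classes_used(password)) >= MIN_CLASSES


def search_space_bits(password):
    """log2 of the candidates an exhaustive search over the used classes covers.

    Upper bound only: predictable words or patterns are guessed much sooner.
    """
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def growth_factor(alphabet_size, extra_chars):
    """How many times larger the search space gets when extra_chars are added."""
    return alphabet_size ** extra_chars


if __name__ == "__main__":
    # Constructed samples, plus the passphrase quoted later in the article.
    for pw in ["sunshine", "Sunsh1ne", "Sunsh1ne!", "MyHouse1sAZ00!"]:
        print(f"{pw!r:18} policy={meets_minimum(pw)!s:5} "
              f"classes={len(classes_used(pw))} bits={search_space_bits(pw):.1f}")
    # Going from 8 to 12 characters over all 94 printable symbols:
    print(f"8 -> 12 chars multiplies the space by {growth_factor(94, 4):,}")
```
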
Unless you have an incredible vocabulary, you probably don’t know many memorable 12+ character words. So how do we increase the length of the password without forgetting it or writing it down?
Use Passphrases, Not Words
In the early days of virtual accounts and security, an eight-character password was more than sufficient to deny almost any cyberattack. Now tools like AI have given cybercriminals an edge in guessing passwords and breaking into accounts. To level the playing field, cybersecurity developed a new defense: passphrases.
Where a simpler password will be limited by your vocabulary and memory, a passphrase can be quite long and still highly memorable. A passphrase is several words put together to create an idea unique to you. For example, if you had several pets you could use: “MyHouse1sAZ00!”. This passphrase is highly memorable, unique, and goes above and beyond the minimum requirements of a password.
One of the critical requirements of strong passwords is to never use the same password twice. Yes, that’s right. Every single account you have should use a unique 12-15 character passphrase with an uppercase letter, lowercase letter, number, and special character. This requirement can often feel ridiculous or extreme, especially considering how many accounts people typically have at a given time.
Here is where the power of password managers comes into play. A good password manager will allow you to record all your accounts, passwords, and even notes about the account in an always-accessible and encrypted cloud environment. Passwords can be shared with other staff, autofilled into login forms, and pulled up on your phone or other devices.
An effective password manager empowers you to have a unique secure passphrase for every single account and you don’t even have to remember them! There is, however, an even more powerful tool for password security.
Despite all these security tools and techniques, if a cybercriminal does manage to steal your password, then that’s it. He has unlimited access to your account from anywhere in the world. Multi-Factor Authentication (MFA), however, can stop the damage of a password theft in its tracks.
An account with MFA set up will ask you to confirm your identity after the correct password is used to log in. This can take the form of a text message, automated phone call, email, or even a simple notification on your phone. No matter the method, the effect is the same: your account is protected against password theft. If the cybercriminal does not have your personal phone or access to your MFA method, he can’t access your account even if he has your password.
MFA adds a few seconds to your login but can save everything. It’s worth the time!
Interested in Password Security? We Can Help
Navigating the world of cybersecurity is incredibly difficult. It can feel like a full-time job to keep up with security trends, best practices, and cyberattack prevention. Our team of security experts can take the weight of IT security off your team’s shoulders, empowering you to do what you’re best at: running your business.
Whether you’re interested in learning more about the security techniques and tools above, or you’d like a free IT audit, let’s talk. We’d love to connect on how you can use IT to grow your business and protect the things you care about!