Password management is one of the hottest topics of recent years in Internet security, particularly as it applies to businesses. Through the first two decades of standard Internet usages, there has been one inexorable truth discovered: Nobody can possibly remember that many passwords, especially once it became the standard for all of the upgradings with capital letters, symbols, numbers, and non-arranged letters.
Remember when your password to the company used to be ‘Skywalker77’? Fast-forward 20 years, and now your password looks like you fell asleep when your hand elbow on the keyboard (sdl;jkfals518lsjk(kks1!).
Fortunately, just as it appeared, people would just have to give up on knowing all their own passwords, cooler heads prevailed, and there started being more and more logical ways to preserve one’s own passwords without writing a laundry list of usernames and passwords and stuffing it in your pocket.
With passwords lost and found taking down such powerhouses as Target, a need to found and find a list of best practices has become more and more prevalent, here is a closer look: Best Practices for Password Management
Use a Password Manager
It seems fairly obvious, but then if that was the case, there would be a whole lot less work for a lot of people. Password Managers like Dashlane do what the human brain cannot remember a bunch of long, complicated passwords for every site you frequent and also change them on a routine basis that will be virtually impossible to figure out.
The best news is that the human on the outside of this big box only has to take care of one thing: Remembering on a master password that might be a bit lengthy, but is usually a series of words familiar enough for you to knock them down and put them in order.
Avoid Periodic Password Changes to Personal Accounts
This has been mentioned as a password security best practice for years, but studies have shown that it can be a serious security risk. This because when users are forced to changed passwords periodically, they tend to either repeat old passwords or alter them slightly. Even if you implement strategies to prevent password re-use, users will still find a way around it.
The other threat posed by this policy is that since it’s hard to remember many passwords, users may end up writing the passwords down, which is a huge security threat. The latter can, however, be dealt with by using a password manager.
Blacklist Common Passwords
Hackers usually use a database of passwords to try the most popular passwords, dictionary words, and hacked passwords. It’s, therefore essential to ensure that your employees don’t use the same passwords by blacklisting them. This way, you will also prevent the use of weak passwords that can be easily guessed by malicious individuals. Apart from that, it’s also crucial to add a limit on the number of times failed logins can be allowed before the login function is disabled.
Use Different Accounts & Passwords for Different Levels of Access
It’s always good practice to use different accounts for varied roles. This should be determined by the tasks that an account is meant to carry out, and the privileges that should be assigned to the account. This is because if a single account can access different areas of the system, a breach of that single account can have dire effects on the organization. The other important aspect of this practice is to separate work and personal accounts.
Use Two-Factor Authentication
Two might not seem like much more than one on a number line, but when you’re talking about doubling the number of passwords you have to guess out of seemingly endless supply, you’re talking about a hacker’s worst nightmare. The best thing about two factors is that it’s not simply entering one number and then a second number. They’re sourced from two different locations, making it next to impossible to intercept them both and use them concordantly. Statistics will show you that a hacker can guess a password using the right equipment in less than 10 days, but when you add in the second factor, that time can go up past a million years.
Add Advanced Authentication Methods
Apart from two-factor authentication, it’s also important to leverage biometric verification. This type of verification is easier and doesn’t require the use of passwords on low-level accounts. Users, therefore, won’t have to deal with the complexities of password creation and password management.
Identification and authorization can be done through fingerprints, facial recognition, voice recognition, iris scanning, etc. This type of authentication can also be used as part of two-factor authentication to complement passwords.
Protect Privileged Accounts
Privileged accounts require additional protection. This is because, unlike user accounts, these accounts can access sensitive data and carry out various privileged actions. Such means that breaches through privileged accounts can have detrimental impacts on the finances and the reputation of the company.
Unlike personal accounts, passwords to privileged accounts should also be regularly changed. The accounts should then be managed with privileged access management software integrated with single sign-on (SSO) capabilities.
Use a VPN to Encrypt Password Transmissions
A virtual private network (VPN) is a nice trick that many companies use to encrypt their information if they don’t trust the network they are sending it on. The VPN will encrypt anything you’re typing, such as a password, and won’t decrypt it until it’s at the website you’re visiting. It’s a great way to stay absolutely safe, especially if you are using public WiFi somewhere like an airport or a coffee shop.
Train your Employees
It’s usually said that users are the weakest link in security, and this also applies to password management. Some employees don’t know the dangers that login credentials can cause when they fall into the wrong hands. Some do not even know how to identify security threats such as phishing emails, and others don’t understand the strength of a password.
It’s important to direct some resources towards training employees on good password policies and teaching them how to recognize potential attacks as well as what to do next.