Top 5 Ways to Ensure Strong Passwords for Employees
Your organization probably has a policy requiring you to update your password at a specified frequency. This is to keep bad actors from having an unlimited amount of time to guess your password. But there’s more to password management than frequency requirements.
Whether you’re creating password requirements for your entire organization or simply want to know how to create strong passwords on your own, here are a few key ways to help keep your information safe with password best practices.
- Incorporate capital and lowercase letters, special characters, and/or numbers. Adding these elements to your password requirements increases the number of possible combinations a bad actor would have to guess.
- Reminder: When adding numbers to your password, avoid using birthdates, anniversaries or other significant dates, and Social Security numbers.
- Use passphrases instead of passwords. Passphrases do not have to be a proper sentence or grammatically correct – in fact, it’s better when they’re not. Passphrases are even harder to guess than passwords, especially when they’re phrases that make sense to you, but would be a random assortment of words to everyone else.
- Reminder: Passphrases can include spaces, making it that much more difficult for bad actors to guess.
- Don’t use the same password style more than once. If you have a strong password but only change one letter, number, or symbol every time you have to update it, you’re giving the bad guys even more time to try while narrowing the number of candidates they have to work through before correctly guessing your password.
- Reminder: Some organizations define the number of new password changes you need to make before you can use a previously used password (or password style) again. Even if this is allowed, consider making significant changes each time and never revisit an old style.
- Determine whether passwords can or should be updated remotely. Most organizations require employees to be hardwired into the network in order to update their password. This helps prevent people outside the office from accessing the network remotely and then changing your password, effectively locking you out. However, with partially or fully remote workforces, you might need to revisit your strategy to determine what will work best for your organization.
- Reminder: Look into a reliable and consistently secure VPN as a potential solution if you need to allow employees to update passwords while remote. Be sure to include policies and procedures around who can update passwords remotely, when, and how.
- Don’t write your password down anywhere. Don’t put it on a sticky note that you leave under your keyboard, on your desk, or in a drawer – this applies to both your work office and your home office. Someone – even those you trust or would never suspect – might be in your office and could easily see, take, or photograph your password. The same could happen in your home office, even if you think it’s impossible.
- Reminder: There are secure apps that can manage your passwords, so feel free to do some research or ask your IT Department what might be a good option to help you remember your passwords and keep them stored in a safe place.
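The complexity, passphrase, and "same style" rules above can be enforced when a user changes their password. The following is an added example, not code from the original article: a small policy checker that accepts long multi-word passphrases on length alone, counts character classes for conventional passwords, rejects a new password that is only a minor edit of the current one, and checks reuse against stored hashes rather than plaintext. All threshold values and the salt are constructed assumptions for the example.

```python
import difflib
import hashlib

# Constructed policy values for this example (assumptions, not from the article)
MIN_LENGTH = 12           # minimum length for a conventional password
MIN_CLASSES = 3           # classes required out of: lower, upper, digit, special
PASSPHRASE_MIN_WORDS = 4  # a space-separated phrase this long passes on length alone
PASSPHRASE_MIN_LENGTH = 20
MAX_SIMILARITY = 0.7      # a change this close to the current password is "same style"
HISTORY_DEPTH = 5         # number of old password hashes that may not be reused
SALT = b"example-salt"    # constructed; use a random per-user salt in practice

def hash_password(pw: str) -> bytes:
    """Stored form of a password: the history holds hashes, never plaintext."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), SALT, 100_000)

def char_classes(pw: str) -> int:
    """Count how many of the four character classes the password uses."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: not c.isalnum() and not c.isspace())
    return sum(any(t(c) for c in pw) for t in tests)

def is_passphrase(pw: str) -> bool:
    """Multi-word phrases containing spaces count as passphrases."""
    return len(pw.split()) >= PASSPHRASE_MIN_WORDS and len(pw) >= PASSPHRASE_MIN_LENGTH

def similarity(a: str, b: str) -> float:
    """0.0 (nothing shared) to 1.0 (identical), compared case-insensitively."""
    return difflib.SequenceMatcher(None, a.lower(), b.lower()).ratio()

def check_password(new: str, current: str, history: list[bytes]) -> list[str]:
    """Return policy violations for a password change; an empty list means accepted.
    `current` is the password being replaced (plaintext is only available at change
    time); `history` holds the stored hashes of earlier passwords."""
    problems = []
    if not is_passphrase(new):
        if len(new) < MIN_LENGTH:
            problems.append(f"shorter than {MIN_LENGTH} characters")
        if char_classes(new) < MIN_CLASSES:
            problems.append(f"fewer than {MIN_CLASSES} character classes")
    if similarity(new, current) > MAX_SIMILARITY:
        problems.append("too similar to the current password")
    if hash_password(new) in history[-HISTORY_DEPTH:]:
        problems.append("reused a previous password")
    return problems
```

Calling `check_password("Summer2024!", "Summer2023!", [])` flags the one-digit "style" change, while `check_password("correct horse battery staple", "Summer2023!", [])` is accepted.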
Experts also suggest utilizing multi-factor authentication (MFA). While not a component of password change frequency or complexity, MFA significantly decreases the chance of an attacker being able to “brute force” your account to compromise your credentials.