Password Best Practices

Alexander Darcy
·
12 Oct 2020, 22:08:44 PM

Every now and then, you may think about password security for your team. Let us answer a few questions on practices that increase security. We will also talk about practices that reduce security:

What is the best password policy?

First, try to use a difficult password. You may be wondering, is a longer password better? It’s a start, but not necessarily better.

For strong password security, you need to mix up numbers, letters (some in caps) and special characters. These take a little longer to crack when someone tries a brute force attack.

Also, don’t make obvious inversions of words. A password that is simply spelling a word backwards doesn’t offer a lot of security.

What is a special character password example? y^Kva#93%u$

Make use of a passphrase where you can. This is more like a string of words, instead of just one word, used to gain access. A passphrase works like a password but is longer for more security.

For better password security, here are some other dos and don’ts:

  • Try using different passwords with each service you sign up for. How can you keep track of your different passwords? Get a password manager. This is a software/service that keeps all your passwords in one place for better security. A password manager can also be used to generate passwords.
  • Don’t use dictionary words in your passwords. These words that are easy to spell out give lower password security since they are more prone to brute force attacks. Always jumble up the characters.
  • Additionally, never use any information related to you, especially things like date of birth, place of origin, maiden name etc. These make guessing easier, which is not good for password security.
  • Keep every password and passphrase to yourself. Never share them with anyone. Even people you trust to operate your account may not follow the best security measures.
  • Don’t write down your passwords. Either you memorize them, or store them in a password manager. Pieces of paper or digital notes can be stumbled upon by anyone, undermining your security.
  • Desist from the option of signing in using Facebook, Twitter or Google. Whoever has access to these services can see everything you signed into.
  • Where the option is available, setup multi-factor authentication. This involves entering another piece of information after the password for added security.

There are different types of authentication, many of which involve using a code for the second step. This may be sent via email, SMS or generated by an authentication app.

The codes are usually changed after some seconds for extra security. Make sure no one else has access to the account or device through which you receive your authentication code.

Always stay alert since someone can use a fake website to get your username, password and authentication code.

With social engineering, IMSI catchers and SIM cloning, codes sent via SMS may also be intercepted. Choose the type of authentication with the least weak points. Don’t choose convenience and sacrifice security.

For better password security, try changing passwords and any passphrase regularly. Set a maximum password age. All this can be handled better within a password manager.

With services like MariaDB and Sybase, an administrator can set automatic password expiration to boost security. This limits certain functions on expiry even when logging in is still possible.

Need help protecting your organisation against a cyber attack?  CyberSafe are experts in training employees to become cyber aware and reduce the risk to your organisation of a password hack disabling your operations.