Recent world events involving domestic cyberthreats and debilitating ransomware attacks on critical U.S. infrastructure have prompted private corporations and the government alike to place a renewed urgency on cybersecurity and network defense measures.
In a March 21, 2022 press briefing, the White House announced the release of a Fact Sheet containing urgent steps all private sector companies should take to protect their critical services. One of the recommended steps is to safeguard information assets with properly managed passwords across all personal and business networks. With systematic password management, any stolen credentials (username and password) can be rendered useless to malicious actors. Below, we offer practical tips on the complexity, frequency, and process needed to create strong passwords.
Tricks that used to feel like clever password complexity, such as swapping "e" for "3" or adding a number at the end of a string of letters, are now considered common habits. What is now needed is to make your password longer, less predictable, and more complicated. Here are a few best practices for password creation:
Each unique password should have a 12-character minimum. This can feel like an impractical standard; however, adopting a passphrase method eliminates this issue. A passphrase uses simple words that have personal meaning, strung together in a sentence. This increases the complexity, length, and user recall of lengthy passwords.
EXAMPLE: ToBeOrNotToBe,ThatIsTheQuestion
Most modern applications have a password complexity policy that typically requires passwords to contain alphanumeric, upper- and lower-case, and special characters. The example passphrase above can be modified to meet the alphanumeric, upper- and lower-case, and special character requirements.
EXAMPLE: 2BorNot2B,That1sThe?
Arranging passphrases in a nonsensical manner makes them more difficult to hack. Words in a phrase can be written out of order, backward, or abbreviated. Using the same example passphrase once again, modify the phrase to put the end of the sentence first, and it can still be remembered easily.
EXAMPLE: That1sThe?2BorNot2B,
3. Change default passwords on all your network devices.
When bringing new equipment into your organization or home, such as a new router or smart home device, ensure that the default manufacturer's password is changed. The default passwords that come pre-loaded on network devices generally lack complexity and can be quickly looked up by cybercriminals familiar with the factory-applied defaults. Just like personal passwords, ensure the replacement is something more complex and meets your organization's password policy.
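The following Python sketch is an added example, not part of the original article. It checks a candidate password against the rules described above: the 12-character minimum, the four character classes, and the "common habit" of disguising an ordinary word with character swaps and a trailing number. The word list, the substitution map, and the sample password `P@ssw0rd2022!` are constructed assumptions for illustration.

```python
import re

MIN_LENGTH = 12  # the 12-character minimum recommended above

# Constructed sample list (assumption); a real policy would load a much
# larger list of common or previously breached passwords.
COMMON_WORDS = {"password", "welcome", "letmein", "summer", "qwerty"}

# Assumed map of the familiar swaps ("e" -> "3" and similar), reversed.
LEET = str.maketrans({"3": "e", "0": "o", "1": "i", "4": "a",
                      "@": "a", "5": "s", "$": "s", "7": "t"})


def character_classes(pw):
    """Report which of the four usual character classes are present."""
    return {
        "lower": any(c.islower() for c in pw),
        "upper": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special": any(not c.isalnum() for c in pw),
    }


def is_predictable(pw):
    """True if the password is a common word once trailing digits and
    punctuation are removed and the character swaps are undone."""
    core = re.sub(r"[\d\W_]+$", "", pw)
    return core.lower().translate(LEET) in COMMON_WORDS


def check_password(pw):
    """Return a list of policy problems; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, present in character_classes(pw).items():
        if not present:
            problems.append(f"missing {name} character")
    if is_predictable(pw):
        problems.append("common word with predictable substitutions")
    return problems


if __name__ == "__main__":
    # The article's three passphrases plus one constructed weak password.
    for candidate in ("ToBeOrNotToBe,ThatIsTheQuestion",
                      "2BorNot2B,That1sThe?",
                      "That1sThe?2BorNot2B,",
                      "P@ssw0rd2022!"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The constructed `P@ssw0rd2022!` satisfies the length and character-class rules yet is still flagged, which is why length and unpredictability matter more than substitutions alone.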
One point that should not be overlooked is the concept of 'Password Fatigue' (the overwhelming task of remembering and keeping track of an excessive number of passwords). This is relevant in business and personal accounts, but there are solutions available to address this problem. Within your business, solutions such as multi-factor authentication (MFA) along with single sign-on (SSO) allow employees to seamlessly and securely connect to multiple corporate apps using just one password for all. For personal password management, a variety of low- to no-cost password management apps are available to relieve the burden of password fatigue while increasing your personal cloud security.
If your organization is looking to develop and maintain a password policy and other critical security policies, we can help. Ask about IT-Policies-as-a-Service, an annual service that enhances your company's focus and attentiveness on security and continuity needs.