Now that the New Year is upon us, it’s a good time for some new passwords. If you’re like most people, your passwords for your accounts have remained the same for longer than they should. So we thought we’d take a moment to go over best practices when it comes to password management.
Passwords become stale and need to be refreshed frequently. How frequently? We suggest updating or changing passwords at least every six months.
When it comes to creating a new password, a common misunderstanding is that strength comes from complexity. In actuality, length is the most important factor. There’s no need to overcomplicate your password. All you will end up doing is confusing yourself. Simply create a long string of key combinations that you can easily remember.
Just because length is one of the more important factors doesn’t mean the content of your passwords doesn’t matter. The more common a password is, or the more closely it relates to you, the easier it is for others to guess. It goes without saying that you should not use the names of your pets or family members as your password.
Don’t Double Up
Don’t use the same password for multiple accounts. This can’t be stressed enough! If someone gains access to your password for one account, that gives them access not only to that account but also to every other account you have used that password with. If you’re working for a big corporation, this is a big problem, because one of the easiest ways to gain access to corporate data is through lazy password practice by employees who double up on their passwords in their private and professional lives. If keeping a separate password for every account sounds too daunting given the number of accounts you operate, there are password managers available to help.
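To make the three rules above concrete (length first, nothing personal, no reuse), here is a small local audit sketch. It is an added example, not something from our tooling; the account names, passwords, personal terms and the 16-character threshold are all constructed assumptions.

```python
import math
import string
from collections import defaultdict

# Character pools an exhaustive guesser has to cover (space counted separately).
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation, " "]

def charset_size(password):
    """Combined size of every pool the password draws at least one character from."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in password)) or 1

def brute_force_bits(password):
    """log2 of the exhaustive search space: length * log2(pool size).

    This is an upper bound. It only describes character-by-character guessing;
    dictionary words and personal terms are guessed far sooner than it suggests.
    """
    return len(password) * math.log2(charset_size(password))

def audit(accounts, personal_terms, min_length=16):
    """Return {account: [findings]}; min_length is an assumed threshold."""
    owners = defaultdict(list)
    for account, password in accounts.items():
        owners[password].append(account)
    findings = {}
    for account, password in accounts.items():
        issues = []
        if len(password) < min_length:
            issues.append("short")
        if any(t and t.lower() in password.lower() for t in personal_terms):
            issues.append("personal")
        if len(owners[password]) > 1:
            issues.append("reused")
        findings[account] = issues
    return findings

# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {
    "bank": "Rex!2016",
    "work-vpn": "Rex!2016",
    "email": "violet kettle marches sideways",
}
SAMPLE_PERSONAL_TERMS = ["Rex"]  # e.g. a pet's name

if __name__ == "__main__":
    for account, issues in audit(SAMPLE_ACCOUNTS, SAMPLE_PERSONAL_TERMS).items():
        bits = brute_force_bits(SAMPLE_ACCOUNTS[account])
        print(f"{account:9} {bits:6.1f} bits  {', '.join(issues) or 'ok'}")
```

The short password uses all four character classes and still has a far smaller search space than the long lowercase one, and the reuse check flags both accounts that share it.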
First Line of Defense
Passwords are often the first line of defense, whether you are accessing an account or keeping someone else out of it. This holds especially true for admins. But relying on a password alone for protection is simply not enough. Password-only protection is typically sufficient only for accounts that hold no sensitive personal or professional information. At the very least, adding a two-step verification process can help in more ways than one. The more layers of protection are in place, the less stringent the requirements for change frequency and password length need to be.
Don’t Change Your Password Too Frequently
If you change your passwords too frequently, you’ll become lazy and lax about the criteria you apply to each new password. People become complacent and predictable in their patterns for new passwords when forced to change them too often. It becomes a nuisance and a daunting task that everyone just wants to be done with as quickly as possible. It also creates a false sense of security by implying that these passwords don’t have to be as strict, or adhere to best practices in the same way, as passwords with a longer life.
Make sure you are adhering to best practices when it comes to password protection and account security going into 2017. If you know this is an area where you have bad habits, make it part of your New Year’s resolution. With the number of high-profile hacks taking place, it’s better to be safe than sorry.
If you think your company could use a security overhaul or even just a quick diagnostic overview, don’t hesitate to reach out to us.