
Thycotic’s CyberSecurity Publication


The Password Love Affair: Would you share your password with your partner?

February 14th, 2017


Passwords, for many people and companies, are one of the vital security controls that protect us from external hackers and cyber threats.

Passwords are part of everyday life and protect our privacy and sensitive information from unauthorized access. Every day billions of people power up their devices and connect to the internet to access online services so they can get the latest news, shop for the best deals, chat and connect with friends, stream music and videos, get health advice, follow the latest trends, look for jobs, share their thoughts and access their financial information.

As more and more people and businesses use online services, they quickly become targets for cyber criminals and hackers. For most of us, passwords are the only thing standing between our privacy and security and cyber criminals. It is critically important to know how cyber criminals target their victims, and what you can do to reduce the risk and make it more challenging for attackers to steal your information, your identity, or your money.

Passwords have always been a good security control, but the strength and processing of passwords impacts how secure they are. Choosing a password that’s easy to remember, and keeping it long, complex and unique contributes greatly to how strong the password is. How the password is processed and stored in an encrypted format also plays a major role in its security level.

We share many things with our partners from homes and bank accounts to dinners and cars. But should we also share our email or social media password with our partners? The short answer is “No.” It may be a romantic notion but it could lead to a privacy or security nightmare. Fortunately there are steps you can take to get on the road to password security.


Below are 9 easy steps to help you gain control and create passwords that will continue to be strong and secure.
And we’ve put them together in an easy to remember acronym: GET STRONG.

1. Go with encryption: Passwords cannot be left in plain text, ever, and especially not in an Excel document. Always store passwords with encryption.

2. Escape complexity (avoid complex relationships): Focus on teaching your end-users to use longer and more easily remembered passwords, like password phrases. Don’t let them get bogged down having to remember special character requirements.

3. Teach partners, friends, and family: Continued education is critical and is the most important step to your policy being implemented.

4. Size matters: The longer the password, the harder it is for the hacker to break. It’s simple: make human passwords at least 8 characters long and systems passwords 12-50 characters.

5. Trust no one, not even your partner: Two-factor authentication is a must! No matter the size of your organization, consider two-factor options like RADIUS tokens, DUO, or Google Authenticator.

6. Rotate often, though relationships are optional: Don’t let those human passwords go unchanged for more than 180 days. And system passwords must be changed every 30-90 days. Setting a reminder is essential to ensure they are rotated in a timely manner. Note: In order to do this, you should use a password manager. Forcing a user to pick a new password themselves leads to issues like patterns in passwords. We’ve created handy side-by-side charts to enable you to compare popular password managers as well as other security software.

7. Omit duplicates (don’t double date): Use a unique password for each of your accounts. The same password should never be used more than once!

8. No cheating: Remembering a long password can be difficult, but don’t enable password hints. These just make it easier for hackers to get in.

9. Get a vault: Start using a trusted password manager to enforce strong password best practices. This way, users can always generate long and complex passwords, and never have to remember all their passwords.
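
One way to check a credential inventory against the thresholds in steps 4 through 8 (an added example, not part of the original article; the `Credential` record, the finding codes and the sample entries are assumptions made for illustration):

```python
import hmac
import os
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

MIN_LENGTH = {"human": 8, "system": 12}      # step 4 (lower bound of 12-50 for systems)
MAX_AGE_DAYS = {"human": 180, "system": 90}  # step 6 (upper bound of 30-90 for systems)

@dataclass
class Credential:  # hypothetical inventory record
    account: str
    kind: str          # "human" or "system"
    password: str
    last_changed: date
    two_factor: bool
    hint_enabled: bool

def audit(creds, today):
    """Return {account: [finding codes]} for the checks in steps 4-8."""
    key = os.urandom(32)  # per-run key so the reuse index never holds plaintext
    by_digest = defaultdict(list)
    findings = {c.account: [] for c in creds}
    for c in creds:
        f = findings[c.account]
        if len(c.password) < MIN_LENGTH[c.kind]:
            f.append("too-short")                      # step 4
        if not c.two_factor:
            f.append("no-2fa")                         # step 5
        if (today - c.last_changed).days > MAX_AGE_DAYS[c.kind]:
            f.append("rotation-overdue")               # step 6
        if c.hint_enabled:
            f.append("hint-enabled")                   # step 8
        digest = hmac.new(key, c.password.encode(), "sha256").hexdigest()
        by_digest[digest].append(c.account)
    for accounts in by_digest.values():
        if len(accounts) > 1:                          # step 7: same password reused
            for a in accounts:
                findings[a].append("reused")
    return findings

# Constructed sample data, not real accounts or passwords.
TODAY = date(2017, 2, 14)
SAMPLE = [
    Credential("alice-email", "human", "correct horse battery staple", date(2017, 1, 1), True, False),
    Credential("alice-social", "human", "sunshine", date(2016, 6, 1), False, True),
    Credential("bob-shop", "human", "sunshine", date(2017, 2, 1), True, False),
    Credential("backup-svc", "system", "Tr0ub4dor&3", date(2016, 12, 1), True, False),
]

if __name__ == "__main__":
    for account, codes in audit(SAMPLE, TODAY).items():
        print(account, codes or "ok")
```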

Want to learn more? View our STAY STRONG Infographic.

If you’re interested in password security at enterprise level, download our free privileged password policy template.



Joseph Carson

A Cyber Security Professional with 20+ years’ experience in Enterprise Security & Infrastructure, Joseph is a Certified Information Systems Security Professional (CISSP). An active member of the cyber security community and a frequent speaker at cyber security events globally, Joseph is also an adviser to several cyber security conferences.
