
Thycotic Blog

Technical Product Updates and Industry Trends

The Password Love Affair – Would you share your password with your partner?


For many people and companies, passwords are one of the vital security controls that protect us from external hackers and cyber threats.

Passwords are part of everyday life and protect our privacy and sensitive information from unauthorized access. Every day, billions of people power up their devices and connect to the internet to access online services so they can get the latest news, shop for the best deals, chat and connect with friends, stream music and videos, get health advice, follow the latest trends, look for jobs, share their thoughts and access their financial information.

As more and more people and businesses use online services, they quickly become a target for cyber criminals and hackers. For most of us, passwords are the only thing standing between cyber criminals and our privacy and security. It is critically important to know how cyber criminals target their victims and what you can do to reduce the risk and make it more challenging for the attackers who want to steal your information, your identity, or your money.

We share many things with our partners, from homes and bank accounts to dinners and cars, but would you share your email or social media password with your partner?

Passwords have always been a good security control, but their strength and the way they are processed make a major difference to how secure they are. For example, choosing a password that is easy to remember, long, somewhat complex and unique contributes greatly to how strong it is, while how the password is processed and stored in an encrypted format plays a major role in its security.

Below are 9 easy steps to get control and keep passwords strong and secure. People are hard to teach and hard to retrain out of shortcut habits. Let us help educate you.
These are the 9 steps to start your year off right with password security, and we put them together in an easy-to-remember acronym: GET STRONG.

1. Go with encryption: Passwords must never be left in plain text, and especially not in an Excel document. Always store passwords with encryption.

2. Escape complexity (avoid complex relationships): Focus on teaching your end users to use longer and more easily remembered passwords, like password phrases. Don’t let them get bogged down with having to remember special character requirements.

3. Teach partners, friends, and family: Continued education is critical and is the most important step in getting your policy implemented.

4. Size matters: The longer the password, the harder it is for a hacker to break. It’s simple: make human passwords at least 8 characters long and system passwords 12-50 characters.

5. Trust no one, not even your partner: 2-factor is a must! No matter the size of your organization, there are two-factor options like RADIUS tokens, DUO, or Google Authenticator.

6. Rotate often, though relationships are optional: Don’t let those human passwords go unchanged for more than 180 days. System passwords need to be changed every 30-90 days. Setting a reminder is essential to ensure they are rotated on time. Note: In order to do this, you should use a password manager. Forcing users to pick a new password themselves leads to things like patterns in passwords.

7. Omit duplicates (don’t double date): Use a unique password for each of your accounts. The same password should never be used more than once!

8. No cheating: Remembering a long password can be difficult, but don’t allow password hints. These just make it easier for hackers to get in.

9. Get a vault: Start using a trusted password manager to enforce strong password best practices. This way, users can always generate long and complex passwords and never have to remember all of them.
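An added example, not part of the original post or of any Thycotic product: a Python audit that checks steps 4 through 8 against a credential inventory, assuming it runs in memory on entries a vault has already decrypted. The record fields (`account`, `kind`, `password`, `last_rotated`, `mfa`, `hint`) and the finding names are assumptions, and the sample inventory is constructed.

```python
import hashlib
from collections import defaultdict
from datetime import date

# Thresholds from steps 4 and 6 above (upper bound of each rotation window).
MIN_LEN = {"human": 8, "system": 12}
MAX_AGE_DAYS = {"human": 180, "system": 90}

def audit(records, today):
    """Return {account: sorted findings} for decrypted vault entries."""
    findings = defaultdict(set)
    by_digest = defaultdict(list)  # in-memory grouping only, never stored
    for r in records:
        acct, kind = r["account"], r["kind"]
        if len(r["password"]) < MIN_LEN[kind]:
            findings[acct].add("too_short")              # step 4
        if not r["mfa"]:
            findings[acct].add("no_second_factor")       # step 5
        if (today - r["last_rotated"]).days > MAX_AGE_DAYS[kind]:
            findings[acct].add("rotation_overdue")       # step 6
        if r["hint"]:
            findings[acct].add("hint_set")               # step 8
        digest = hashlib.sha256(r["password"].encode()).hexdigest()
        by_digest[digest].append(acct)
    for accounts in by_digest.values():
        if len(accounts) > 1:                            # step 7
            for acct in accounts:
                findings[acct].add("duplicate")
    return {acct: sorted(f) for acct, f in findings.items()}

def rec(account, kind, password, last_rotated, mfa, hint=""):
    """Build one inventory record (hypothetical schema)."""
    return dict(account=account, kind=kind, password=password,
                last_rotated=last_rotated, mfa=mfa, hint=hint)

# Constructed sample inventory; every value here is made up for illustration.
TODAY = date(2024, 3, 1)
SAMPLE = [
    rec("email", "human", "correct horse battery staple", date(2024, 1, 10), True),
    rec("social", "human", "summer1", date(2023, 3, 1), False, hint="season"),
    rec("bank", "human", "correct horse battery staple", date(2024, 2, 1), True),
    rec("svc-backup", "system", "Tr0ub4dor&3", date(2023, 11, 1), True),
    rec("svc-db", "system", "k7#Vq2!mZp9@Lw4$Rt6x", date(2024, 2, 15), True),
]

if __name__ == "__main__":
    for account, issues in audit(SAMPLE, TODAY).items():
        print(f"{account}: {', '.join(issues)}")
```

Accounts with no findings are left out of the result, so an empty dictionary means the inventory meets every threshold checked here.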

Want to learn more? View our STAY STRONG Infographic here.


Joseph Carson

A Cyber Security Professional with 20+ years’ experience in Enterprise Security & Infrastructure, Joseph is a Certified Information Systems Security Professional (CISSP). An active member of the Cyber Security community and a frequent speaker at Cyber Security events globally, Joseph is also an adviser to several cyber security conferences.
