When it comes to protecting confidential information, businesses are often only as strong as their weakest password. One weak password can lead to a data breach resulting in loss of reputation, revenue or even the business itself. With stakes this high, it’s important to enforce a strong password policy to keep attackers out.
How Hackers Guess Passwords
Today’s attackers use software that guesses passwords by running through an enormous number of candidates per second. This software relies on two basic techniques, dictionary and brute-force, and in practice combines them: it takes each dictionary word and applies substitution rules (capitalizing, swapping letters for look-alike digits and symbols, appending a few digits), which is why the common substitutions in the weak examples below add almost nothing.
- Dictionary Technique: Uses a list of preset common passwords to guess
- Brute-Force Technique: Systematically runs through letter, number and special character combinations to guess
Here are some examples of passwords that are no match for hacking software.
Weak Password Examples:
- The use of “password” in any way – p@ssw0rd; !Password123
- Common sequences of letters/numbers – 12345; abcde; 1122333
- Keys that are near each other – asdf123; !qwerty
- Single words with common special characters – C@rdinal1; c0rv3tt3!
New Complex Password Policy Standard
To keep pace with password-guessing software, the password policy now recommended by IT security professionals puts length first and complexity second. How long a guessing attack takes depends on how the password is stored and on the attacker’s hardware, but every added character multiplies the number of combinations to try, so a password that follows the guidelines below generally takes guessing software many years to exhaust, while short passwords fall quickly.
Longer Passwords are Stronger Passwords
- Use a minimum of 12 characters
- Use a phrase that you can picture and easily remember
Complexity is Still Important
- Use any character, including spaces
- Mix up special characters throughout your phrase
Strong Password Examples:
- Golf !s theB3st Sp0rT
- Irel@nd NextYear 07.08.2018
Password Security Best Practices
In addition to creating a long, complex password, the following additional security practices should also be put in place.
Mandatory Password Changes
Since passwords that meet the new policy are much stronger, they only need to be changed twice a year. That means fewer passwords for employees to create and remember! Even though these passwords are stronger, they may still fall into the hands of attackers through phishing schemes or other methods. Mandatory changes twice a year add another safety net, but they are a backstop, not a substitute for acting on evidence: a password that is known or suspected to have been phished or exposed in a breach should be changed immediately rather than at the next scheduled change.
Account Lockouts
By locking an account after a set number of failed password attempts, account lockouts stop online brute-force attacks against that account in their tracks: once the threshold is reached, even the correct password is refused until the account is unlocked. Depending on policy, a locked account either unlocks automatically after a cooling-off period or must be unlocked by a designated administrator. Two caveats apply. Lockout protects the login page, not a stolen password database, which an attacker guesses against offline at full speed with no lockout at all. And a per-account threshold does not catch password spraying, where an attacker tries one or two common passwords against many accounts and stays under the limit on each, so pair lockout with monitoring for failed logins spread across many accounts.
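To make the lockout mechanics concrete, here is an added Python example (not code from the Anders article or from any particular product): a failed-login tracker with a threshold, an observation window and timed auto-unlock, replayed against constructed attempt streams, plus the cross-account check that a lockout policy alone does not give you. The threshold of 5, the 15-minute window and lockout, the account names and the attempt timings are all assumptions for illustration.

```python
"""Account lockout tracker: an added example, not from the Anders article.
Replays constructed login attempts to show what a per-account lockout stops
(online brute force) and what it does not (slow password spraying)."""
from collections import defaultdict, deque

THRESHOLD = 5            # failures before lockout (assumed policy)
LOCKOUT_SECONDS = 900    # 15-minute auto-unlock (assumed policy)
WINDOW_SECONDS = 900     # failures older than this no longer count (assumed)


class LockoutTracker:
    def __init__(self, threshold=THRESHOLD, lockout_seconds=LOCKOUT_SECONDS,
                 window_seconds=WINDOW_SECONDS):
        self.threshold = threshold
        self.lockout_seconds = lockout_seconds
        self.window_seconds = window_seconds
        self.failures = defaultdict(deque)   # account -> recent failure times
        self.locked_until = {}               # account -> unlock time

    def is_locked(self, account, now):
        until = self.locked_until.get(account)
        if until is None:
            return False
        if now >= until:                     # timed unlock: clear lock and counter
            del self.locked_until[account]
            self.failures[account].clear()
            return False
        return True

    def attempt(self, account, correct, now):
        """Record one attempt; return 'ok', 'fail' or 'locked'. While locked,
        even the correct password is refused, which is what stops a
        brute-force run against one account."""
        if self.is_locked(account, now):
            return "locked"
        if correct:
            self.failures[account].clear()
            return "ok"
        recent = self.failures[account]
        recent.append(now)
        while recent and now - recent[0] > self.window_seconds:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= self.threshold:
            self.locked_until[account] = now + self.lockout_seconds
        return "fail"


def run(attempts, tracker=None):
    """Replay constructed (time, account, correct) tuples; return outcomes."""
    tracker = tracker or LockoutTracker()
    return [tracker.attempt(acct, ok, t) for t, acct, ok in attempts]


def brute_force_attempts():
    """Constructed stream: 20 wrong guesses at alice, one per second, then
    the correct password at t=20."""
    return [(t, "alice", False) for t in range(20)] + [(20, "alice", True)]


def spray_attempts(accounts=50, rounds=10, gap=1200):
    """Constructed stream: one wrong guess per account per round, rounds
    `gap` seconds apart (20 minutes, longer than the observation window)."""
    return [(r * gap + i, f"user{i}", False)
            for r in range(rounds) for i in range(accounts)]


def spray_indicator(attempts, window=300):
    """Detection check a lockout policy does not provide: the largest number
    of distinct accounts with a failed login inside any `window`-second span.
    A brute force against one account scores 1; a spray scores near the
    number of accounts targeted."""
    fails = sorted((t, a) for t, a, ok in attempts if not ok)
    best, start = 0, 0
    for end in range(len(fails)):
        while fails[end][0] - fails[start][0] > window:
            start += 1
        best = max(best, len({a for _, a in fails[start:end + 1]}))
    return best


if __name__ == "__main__":
    bf = run(brute_force_attempts())
    print("brute force:", bf.count("fail"), "fail,", bf.count("locked"), "locked,",
          "correct guess at the end ->", bf[-1])
    spray = spray_attempts()
    print("spray:", run(spray).count("locked"), "lockouts across", len(spray),
          "attempts; distinct accounts failing in 5 min:", spray_indicator(spray))
```

The brute-force stream locks the account at the fifth failure, so the attacker's eventual correct guess is refused; the spray stream never trips a single lockout because each account sees one failure per window, yet `spray_indicator` reports 50 accounts failing within minutes, which is the signal a monitoring rule should key on.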
Implementing the new complex password policy at your company is a positive step towards protecting your sensitive business information. However, the policy is only effective if it is followed by all employees, so enforce it in the system’s password settings where possible rather than relying on instruction alone. If you have questions regarding how to successfully implement and manage the complex password policy at your company, Anders’ team of technology advisors is here to help. You may contact Anders to learn more about the new complex password policy, password best practices, other recommended security best practices and Anders Technology Services.