Passwords and the Post It Note Culture

Oct 21, 2014 | IT Security

It’s becoming increasingly difficult to ignore the constant reminders about how important it is to keep online security at as high a level as possible. However, even with all this focus on security, we still continue to leave passwords to sensitive business systems and confidential data on pieces of paper on our desks for anyone to see.

Of course, we have to keep a reminder of all of these passwords somewhere, but these Post It notes are most definitely not the solution.

Does your business have a policy on passwords?

Here are 5 things that your policy could include:

1. Use Strong Passwords

Of course, having a strong password is the first step to keeping confidential business information safe. Here’s what a strong password should and shouldn’t include:

  • A strong password should not contain any part of the user’s name
  • It should contain a minimum of 6 characters
  • It should contain, at minimum, 3 of the 4 following categories:
      • Uppercase letters
      • Lowercase letters
      • Numbers, from 0 to 9
      • Non-alphanumeric characters, such as !, *, %, #
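The rules above can be checked automatically when a password is set. The following is an added example, not code from the original article: the function names, the delimiter set used to split names, and the rule that name fragments shorter than 3 characters are ignored are assumptions made for illustration.

```python
import re

MIN_LENGTH = 6       # minimum length stated in the policy above
MIN_CATEGORIES = 3   # at least 3 of the 4 character categories
MIN_NAME_PART = 3    # assumption: shorter name fragments are ignored


def character_categories(password):
    """Return the set of character categories present in the password."""
    found = set()
    for ch in password:
        if "0" <= ch <= "9":
            found.add("digit")
        elif ch.isupper():
            found.add("uppercase")
        elif ch.islower():
            found.add("lowercase")
        elif not ch.isalnum():
            found.add("symbol")
    return found


def name_parts(username, full_name):
    """Split account and display names into fragments to test against."""
    tokens = re.split(r"[\s,.\-_#@]+", f"{username} {full_name}")
    return {t.lower() for t in tokens if len(t) >= MIN_NAME_PART}


def check_password(password, username, full_name=""):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    cats = character_categories(password)
    if len(cats) < MIN_CATEGORIES:
        problems.append(f"only {len(cats)} of 4 character categories")
    lowered = password.lower()
    hits = sorted(p for p in name_parts(username, full_name) if p in lowered)
    if hits:
        problems.append("contains part of the user's name: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample account and passwords, for illustration only.
    for pw in ("Smith2014!", "abcdef", "Tr4il#mix"):
        print(pw, "->", check_password(pw, "jsmith", "Jane Smith") or "OK")
```

Note that a password can satisfy the length and category rules and still be rejected because it embeds the user’s name, as the first sample shows.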

2. Define the Age of Passwords

Giving age limits to your passwords means that, if an attacker should learn a password (or create their own), it will only work for a specified amount of time. These password age limits also mean that passwords cannot be changed until they have reached the specified number of days old.

How long you allow a password age to be is totally dependent on what is suitable for your business, but between 30 and 90 days is the usual recommendation.

3. Use a Password Vault

It’s highly likely that, if you’re running a business, you will have hundreds of accounts, each with its own password. It would be nigh on impossible to remember each and every one of these different passwords, so you must store them somewhere.

As mentioned earlier, notes on your desk are most definitely not the place to do this. Instead, a password vault encrypts all of the passwords stored in it. Then you, and whoever else you give access to the vault, have a master password (that should be complex and regularly changed) in order to access the other passwords.

Password managers such as 1Password and LastPass are great choices that work cross-platform and cross-device.

4. Be Twice as Vigilant with Emails

Email accounts hold a plethora of different pieces of confidential information about businesses, thus passwords for these accounts should be especially sophisticated. This is especially true for those sites and accounts that have a ‘Forgotten Password’ tool.

Once a hacker has access to your email account, they, in theory, have access to most of your others.

As a rule of thumb, treat your email security as you would your bank account security.

5. Enforce an Account Lockout Policy

The idea of a lockout policy is that it will block access for anyone who does not succeed in entering the correct password after a specified number of attempts. The only issue with these policies is that, as well as locking out potential attackers, they can also lock out authorised users.

You should ensure that, before the user is locked out, they are allowed a sufficient number of password attempts. This will prevent authorised users being locked out for simply mistyping the password.

Being prudent with passwords and introducing formal password policies are the number-one way to prevent breaches in your systems. While these can still happen, even with a sound policy, your business will be at a much lower risk of falling victim to them.
