
Passwords and the Post It Note Culture

Oct 21, 2014 | IT Security

It’s becoming increasingly difficult to ignore the constant reminders about how important it is to keep online security at as high a level as possible. Yet, despite this preoccupation with security, we still leave passwords to sensitive business systems and confidential data on pieces of paper on our desks for anyone to see.

Of course, we have to keep a reminder of all of these passwords somewhere, but these Post It notes are most definitely not the solution.

Does your business have a policy on passwords?

Here are 5 things that your policy could include:

1. Use Strong Passwords

Of course, having a strong password is the first step to keeping confidential business information safe. Here’s what a strong password should and shouldn’t include:

  • A strong password should not contain any part of the user’s name
  • It should contain a minimum of 6 characters
  • It should contain characters from at least 3 of the following 4 categories:
    • Uppercase letters
    • Lowercase letters
    • Numbers, from 0 to 9
    • Non-alphanumeric characters, such as !, *, %, #

2. Define the Age of Passwords

Giving your passwords a maximum age means that, if an attacker should learn a password (or create their own), it will only work for a specified amount of time. Password age limits can also set a minimum age, so that a password cannot be changed again until it is the specified number of days old.

How long you allow a password to live is entirely dependent on what suits your business, but between 30 and 90 days is the usual recommendation.

3. Use a Password Vault

It’s highly likely that, if you’re running a business, you will have hundreds of accounts, each with its own password. It would be nigh on impossible to remember each and every one of these different passwords, so you must store them somewhere.

As mentioned earlier, notes on your desk are most definitely not the place to do this. A password vault instead encrypts every password stored in it; you, and whoever else you give access to the vault, then have a master password (which should be complex and regularly changed) in order to access the other passwords.

Password managers such as 1Password and LastPass are good choices that work across platforms and devices.

4. Be Twice as Vigilant with Emails

Email accounts hold a plethora of different pieces of confidential information about businesses, thus passwords for these accounts should be especially sophisticated. This is especially true for those sites and accounts that have a ‘Forgotten Password’ tool.

Once a hacker has access to your email account, they, in theory, have access to most of your others.

As a rule of thumb, treat your email security as you would your bank account security.

5. Enforce an Account Lockout Policy

The idea of a lockout policy is that it blocks access for anyone who fails to enter the correct password after a specified number of attempts. The only issue with these policies is that, as well as locking out potential attackers, they can also lock out authorised users.

You should ensure that, before the user is locked out, they are allowed a sufficient number of password attempts. This will prevent authorised users being locked out for simply mistyping the password.
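The strong-password rules from point 1 and the lockout rule from point 5 above, written out as a checker. This is an added example, not code from the original post; the threshold of 5 attempts and the reading of "part of the user's name" as any run of three or more letters are assumptions.

```python
import re
import string

MIN_LENGTH = 6        # policy rule: at least 6 characters
MIN_CATEGORIES = 3    # policy rule: at least 3 of the 4 character categories

CATEGORIES = {        # the four character categories named in the policy
    "uppercase": str.isupper,
    "lowercase": str.islower,
    "digit": str.isdigit,
    "symbol": lambda c: c in string.punctuation,
}

def name_parts(full_name):
    """Split a user's name into parts: 'Jane Smith-Jones' -> ['jane', 'smith', 'jones'].
    Assumption: a 'part' is any run of three or more letters, compared case-insensitively."""
    return [p.lower() for p in re.findall(r"[A-Za-z]{3,}", full_name)]

def password_violations(password, full_name):
    """Return the policy rules the password breaks; an empty list means it complies."""
    problems = []
    lowered = password.lower()
    for part in name_parts(full_name):
        if part in lowered:
            problems.append(f"contains part of the user's name ({part!r})")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    present = sum(1 for check in CATEGORIES.values() if any(check(c) for c in password))
    if present < MIN_CATEGORIES:
        problems.append(f"uses {present} of 4 character categories (need {MIN_CATEGORIES})")
    return problems

class LockoutPolicy:
    """Count consecutive failed logins per account; lock once `threshold` is reached."""
    def __init__(self, threshold=5):
        self.threshold = threshold      # allowed attempts before lockout (assumed: 5)
        self.failures = {}              # account -> consecutive failed attempts

    def record_attempt(self, account, succeeded):
        """Record one login attempt and return True if the account is (now) locked."""
        if self.is_locked(account):     # locked accounts stay locked until reset
            return True
        if succeeded:
            self.failures.pop(account, None)   # a good login clears the counter
            return False
        self.failures[account] = self.failures.get(account, 0) + 1
        return self.is_locked(account)

    def is_locked(self, account):
        return self.failures.get(account, 0) >= self.threshold
```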

Being prudent with passwords and introducing formal password policies are the number-one way to prevent breaches in your systems. While these can still happen, even with a sound policy, your business will be at a much lower risk of falling victim to them.

[Photo Credit: marc falardeau ]
