Passwords aren’t new. For as long as we’ve tried to share secrets or keep intruders out, we’ve been using codes to ensure only the ‘right’ people can access our precious information. But the world is becoming far more complex, with most businesses having to manage staff access to dozens of apps, services and websites secured by passwords.
Every successful cyber attack starts by accessing a computer that the criminal should not be able to log in to. Cyber-attackers rely on stealing or cracking passwords in order to break into business systems, bank accounts and online services. From there, it’s relatively easy to steal data which can be used nefariously or, more simply, to extract ransom money. Here are six key tips for businesses struggling to manage their password security.
1. Encourage staff to use complex passwords
The simple rule for passwords is ‘longer is stronger’. Instead of using a word, encourage your employees to use a phrase. ‘JackAndJillWentUpTheHill’ is more difficult for a password cracker than ‘JackJillHill’. But an even harder password to crack is ‘KHLGSDJyjw49560[98s*&_()*{w’. This is because many password crackers use a dictionary to try passwords. By avoiding actual words, your business can make their task significantly harder. Provide guidance to employees on how they can apply the strongest defence.
2. Never reuse passwords
As a rule, criminals are usually looking for the easiest payoff. Like the thief that sees a phone on a car seat and can quickly smash a window and make a run for it, cyber criminals are looking for quick ‘wins’. Criminals share stolen passwords. If you use the same password across multiple services and it’s stolen in one attack, all your user accounts are at risk. Use a different password for every user account so the fallout of one attack is limited.
3. Use a password manager
Applying the first two tips is hard — unless you use a password manager. This is a program that securely stores all the business’ passwords and enters them automatically when a program or website asks for them. Most password managers have a password generator built into them, which can help your team generate long, complex passwords and ‘outsource’ remembering them to the password manager.
There are many password manager apps on the market to choose from. Apple has its own called Keychain Access and Google has a password manager built into the Chrome browser. Others such as 1Password, LastPass and Dashlane are also popular. Be sure to choose one from a reputable company that you’ve heard of.
Your password manager will rely on management knowing one password — the master password to its password vault. You can write this down and safely store it, but not on a sticky note on your screen or under your keyboard.
4. It’s not all up to users
Successful password management is a team effort. As well as supporting users with the tools to help them create and save strong passwords, monitoring systems that detect signs of intrusion are a must-have for businesses. These systems detect when passwords are being used in unexpected ways — such as team members based in Brisbane who work from 9am to 5pm suddenly logging in from Ukraine at 3am.
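The kind of check described above, as an added example that is not part of the original article: it reads constructed login records and flags successful logins from outside a user's home country or usual working hours. The log format, the `PROFILES` baseline and the geo-IP country field are assumptions made for illustration.

```python
from datetime import datetime, time, timedelta, timezone

# Constructed baseline (assumption): home country, UTC offset and usual hours per user.
BRISBANE = timezone(timedelta(hours=10))  # Brisbane is UTC+10 all year, no DST
PROFILES = {
    "alice": {"country": "AU", "tz": BRISBANE, "start": time(9), "end": time(17)},
    "bob": {"country": "AU", "tz": BRISBANE, "start": time(9), "end": time(17)},
}

# Constructed sample log: UTC timestamp, user, geo-IP country, outcome.
SAMPLE_LOG = """\
2024-03-11T23:15:02Z user=alice country=AU result=success
2024-03-11T17:00:00Z user=bob country=UA result=success
2024-03-12T12:40:00Z user=alice country=AU result=success
2024-03-12T02:00:00Z user=bob country=UA result=failure
2024-03-12T03:00:00Z user=carol country=AU result=success
"""

def parse_line(line):
    """Split one log line into a UTC timestamp and its key=value fields."""
    stamp, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, fields

def review_logins(log_text, profiles=PROFILES):
    """Return (user, timestamp, reasons) for successful logins that break the baseline."""
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        when, f = parse_line(line)
        if f.get("result") != "success":
            continue  # only logins where the password was accepted are reviewed here
        profile = profiles.get(f["user"])
        if profile is None:
            alerts.append((f["user"], when.isoformat(), ["no baseline for user"]))
            continue
        local = when.astimezone(profile["tz"])  # compare in the user's own time zone
        reasons = []
        if f["country"] != profile["country"]:
            reasons.append(f"country {f['country']} != {profile['country']}")
        if not profile["start"] <= local.time() < profile["end"]:
            reasons.append(f"outside usual hours ({local:%H:%M} local)")
        if reasons:
            alerts.append((f["user"], local.isoformat(), reasons))
    return alerts

if __name__ == "__main__":
    for user, when, reasons in review_logins(SAMPLE_LOG):
        print(user, when, "; ".join(reasons))
```

A login that trips both rules at once, like the 3am one in the sample, is a stronger signal than an after-hours login from the usual country.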
Many password manager tools can separate business and personal identities so that if someone leaves the business they can take their own personal passwords with them.
5. Multi-factor authentication
Even if businesses follow these steps, a password can still be stolen. This is where multi-factor authentication (MFA) is useful. An example of MFA most people are familiar with is when your banking app sends you an SMS message with a code to enter for confirmation when you are transferring funds to someone new. MFA provides assurance that if your password is compromised, the likelihood of bad guys accessing your business data is greatly reduced.
6. Take advantage of modern tools
Many smartphones, tablets and computers enable staff to log in using facial recognition or a fingerprint. These are very secure and very hard to hack. The fingerprint or face is converted into a unique code that is securely stored on the device and can’t be reverse engineered to reconstruct a fake fingerprint or face.
Passwords are an annoying fact of life. Giving your teams the tools they need to create and store strong, unique passwords that are backed by MFA will ensure you keep your business as safe as possible. Most cyber criminals are looking for a quick payoff. By making life harder for them, you will discourage them and they will move on, leaving your data alone so you can stay focused on doing what you do best.