Passwords are a crucial element in network security, but their importance is often misunderstood. One of the key points of security tools such as network security monitoring is to flag unusual (and therefore suspicious) activity on an organization's computer systems. If passwords are so easy to guess that hackers can obtain them within a number of attempts that looks normal, then cybersecurity software is less likely to notice criminals' efforts. But even businesses that do not rely on advanced security tools can still benefit from strengthening their password practices. The following is some basic advice on passwords. But first, a look at the problems.
EiQ has discussed bad passwords before. Hacks that compromise real-life passwords have shown that users, despite advice to the contrary, continue to employ very easily guessed combinations. For example, “password” and “123456” are still very frequently used. So are the names of sports, such as “football” and “baseball.” Even slightly less bad ideas—names of loved ones, for example—can be quickly guessed by cyber criminals after they do a bit of research on the victim via social media.
Employees sometimes use the same password on their work machines as they do for their personal accounts. If the services hosting their personal accounts are breached, then hackers targeting a work account can try the password from the user's personal account.
Password Security Basics
This post from cybersecurity expert Bruce Schneier is a good overview of how to select strong passwords. When choosing a password, Schneier recommends inventing a sentence and turning it into a password. For instance, looking at the initial letter of each word in “The Statue of Liberty is a popular tourist destination in New York City” yields TSoLiaptdiNYC. This string can be made more complex by adding some special characters and numbers: TS%oLiapt7diNY;C. Be sure to use special characters (ones besides letters and numbers) other than those available on the number keys. In other words, use special characters from the right side of the keyboard, such as “ and [, in addition to the usual special characters such as ! and @.
Schneier also provides some additional important tips for good password hygiene. First, never reuse important passwords. If each of a user's important passwords is unique, they are more secure. Second, be wary of the “secret question” options for restoring access to a forgotten password. If users are required to input answers to secret questions, they should put in bogus answers and store the answers somewhere safe, such as a well-defended password manager. Finally, it is generally a good idea to use two-factor authentication for services that offer it.
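The sentence-to-password method and the hygiene rules above can be turned into a small audit check. This is an added example, not code from the original post or from Schneier; the function names, the deny-list built from the weak passwords the article mentions, and the US-keyboard number-row symbol set are assumptions made for illustration.

```python
import string

# Weak choices named in the article (constructed deny-list, not a breach corpus).
COMMON = {"password", "123456", "football", "baseball"}
# Symbols typed with Shift + a number key, assuming a US keyboard layout.
NUMBER_ROW_SYMBOLS = set("!@#$%^&*()")


def initials(sentence):
    """First character of each word, keeping the sentence's own capitalisation."""
    return "".join(word[0] for word in sentence.split())


def audit(password, personal_terms=(), other_passwords=()):
    """Return a list of findings; an empty list means no rule above was broken.

    personal_terms: names a stranger could learn from social media (hypothetical input).
    other_passwords: passwords the same user already has on other accounts.
    """
    findings = []
    lowered = password.lower()
    if lowered in COMMON:
        findings.append("common password")
    if any(term.lower() in lowered for term in personal_terms if term):
        findings.append("contains personal term")
    if password in other_passwords:
        findings.append("reused")
    if not any(c.isdigit() for c in password):
        findings.append("no digit")
    symbols = {c for c in password if c in string.punctuation}
    if not symbols:
        findings.append("no special character")
    elif symbols <= NUMBER_ROW_SYMBOLS:
        # The article asks for symbols beyond the ones on the number keys.
        findings.append("only number-row special characters")
    return findings


if __name__ == "__main__":
    base = initials("The Statue of Liberty is a popular tourist "
                    "destination in New York City")
    print(base, audit(base))
    # Constructed samples: the article's strengthened string and a weak one.
    for sample in ("TS%oLiapt7diNY;C", "password"):
        print(sample, audit(sample))
    print(audit("Rex2015!", personal_terms=["Rex"]))
```
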
Security software can do a lot to protect your data—and your company's—but your participation is important, too. Selecting secure, unique, and complex passwords will help protect your information from hackers and ensure you get the most out of your digital protection services.
Strong passwords are just one part of an overall cybersecurity plan. Businesses should also consider solutions such as managed security services, including EiQ's SOCVue.