Password hygiene is essential

Having a strong password policy is one of the simplest and most effective ways of protecting your business from cyber criminals. Weak passwords expose you to a wide range of potentially damaging threats.

Long, complex and unique

The safest passwords are at least 12 characters long and use a mixture of uppercase and lowercase letters, numbers and special characters. Using three random words can generate strong passwords that are easy to remember.

Use a password manager

Password managers, which generate strong passwords and store them safely for all your accounts, are useful for people who must remember multiple logins. Educate your employees on how to use them, and on good password hygiene in general.

Educate your employees on password policy, including what (and what not) to do, why it’s important and the risks they should be aware of. Back this up with processes and technical controls that reduce the risks of a cyber-attack and detect and prevent password misuse.
Nigel Fishwick, Specialist Security Advisor, BT Group

For many of us, using multiple passwords that are long and complex can be a burden. We are likely to forget them and end up wasting time by having to reset them. Consequently, it’s tempting to resort to passwords that are too simple or to use the same password for everything. 

A good tip is to follow the National Cyber Security Centre (NCSC) password guidance, which recommends using three random words. That way, passwords will automatically be more complex and are likely to become easier to remember.

Password hygiene

There are plenty of other helpful measures you can take to help improve password safety in your business.

The most effective are:

  • Use multi-factor authentication (MFA)
    This is when you are sent a code to log in, usually via text or email. This makes it much harder for a criminal to access an account. Most online services (such as banking or email) will offer you the option of enabling MFA these days, so make sure you have it switched on.
  • Change passwords
    But only if someone suspects their password may have been exposed in any way, like if they’ve used the same password elsewhere. Otherwise, asking your team to regularly change their passwords tends to result in them using simpler ones that are easier for hackers to work out. 
  • Educate everyone
    Ensure your employees undergo cyber security training that covers the importance of good password hygiene, how to change their password and how to use a password manager.

Key takeaways

Strong password hygiene is one of the simplest ways to protect your business. 

  • Use long, complex passwords that will be hard to guess or difficult for an automated program to crack. 
  • Encourage the use of three random words. It’s an effective way to make strong passwords that are easier to remember. 
  • Password managers are a good option for people who need to remember login details for multiple accounts.