The Best Password Practices for Businesses

While passwords can be frustrating and even outright annoying, the reality is that they are a necessary safeguard for network, system, and application access. Poor quality passwords and lax password rules within organizations are huge threats to cyber security. It’s important that as a business owner, you understand how strong passwords can be created, and why they are effective.

There are simple ways to improve password security in your organization, and you can even start to implement some simple tips in your business right away.

The Worst Passwords Are Still Widely Used

It’s disturbing that in 2018, we still see “password”, “abc123” and “123456” listed in a number of most common password surveys. These passwords are also listed amongst the worst by research firms. They’re common, simple to guess, and any malicious party that knows their way around a network will without a doubt be trying these first when attempting to illegally access a computer or network.

You wouldn’t use generic locks on your business security doors, so why allow the use of simple and generic passwords?

By improving password rules within your organization, you will add an additional layer of security over your data, reducing the chances of costly and potentially business-ending data loss.

This Is How Your Organization Can Improve Passwords

  1. Stop Using the Same Passwords for Different Applications or Systems

Although it might be more convenient for you and your employees to use the same credentials (like usernames and passwords) for different applications and systems, this will only increase the security risk to your organization. If a password is compromised, then a malicious party could potentially gain access to every secure system or piece of software that uses the same password.

  2. Don’t Share System Access

In some organizations it is still common to see shared access for a single resource. Examples include point of sale computers, or access to software on a remote machine. This type of access allows for password sharing and is an inherently insecure practice.

  3. Passwords Should Be Changed Periodically

How often? In some organizations, password resets are enforced on a 30-day rollover basis. The exact duration of password validity depends on your business, your resources, and the perceived level of risk. Resets every three months could be considered for smaller organizations.

  4. Don’t Allow the Reuse of Credentials

When adhering to the practice of password expiry and regular password changes, it’s important not to reuse credentials. Passwords compromised in the past could then become a security hole if they are used again. This is more inconvenient for users and it can be a point of contention in the corporate world. However, preventing the reuse of credentials could significantly increase password security within your company.

  5. Use Passphrases Instead of Passwords

A password typically refers to a single number and letter combination that is 10 characters or fewer. Passphrases are combinations of multiple words and numbers, which can include spaces between words. Passphrases are harder to guess and harder to crack through brute force hacking methods. Another benefit of passphrases is that they’re easier for staff to remember.

Keep in mind that common and obvious phrases should be avoided.
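The rules above can be enforced at the point where a user sets a new password. The following is an added example, not code from this article or any product: it rejects the common passwords named earlier, requires a passphrase shape, and blocks reuse by comparing against salted hashes of previous passwords rather than stored plaintext. The function names, the three-word and 15-character minimums, the history depth of 5 and the PBKDF2 work factor are all assumptions to tune for your environment.

```python
import hashlib
import hmac
import os

# Constructed denylist: the three passwords the article names. A real
# deployment would load a much larger list of known-common passwords.
COMMON_PASSWORDS = {"password", "abc123", "123456"}
PBKDF2_ROUNDS = 100_000   # assumed work factor; tune to your hardware
HISTORY_DEPTH = 5         # assumed number of previous passwords remembered


def hash_password(password, salt=None):
    """Return (salt, digest). Only this pair is stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def is_reused(candidate, history):
    """True if candidate matches any stored (salt, digest) pair."""
    hit = False
    for salt, digest in history:
        _, attempt = hash_password(candidate, salt)
        # Constant-time comparison; check every entry regardless of a match.
        hit |= hmac.compare_digest(attempt, digest)
    return hit


def check_new_password(candidate, history, min_words=3, min_length=15):
    """Return a list of rule violations; an empty list means acceptable."""
    problems = []
    if candidate.strip().lower() in COMMON_PASSWORDS:
        problems.append("common")
    # Passphrase shape: several space-separated words, long overall.
    if len(candidate.split()) < min_words or len(candidate) < min_length:
        problems.append("not-a-passphrase")
    if is_reused(candidate, history[-HISTORY_DEPTH:]):
        problems.append("reused")
    return problems


if __name__ == "__main__":
    # Constructed sample history holding one previous passphrase.
    history = [hash_password("old horse battery 42")]
    for pw in ("123456", "old horse battery 42", "purple kettle sings at 9"):
        print(repr(pw), check_new_password(pw, history) or "ok")
```

When a password is accepted, append the new `hash_password` result to the user's history so the next change is checked against it.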

Improve Security Organization-Wide with a Managed IT Service

Strong passwords are just one aspect of good data and cyber security. If your business collects and stores any kind of digital data, or uses computer systems for core business, then you will need the best security that you can get.

Managed IT services and consulting will allow you to develop the best password rules, IT policies, and overall security policies that will protect your business from the risk of internal or external data theft.


