World Password Day
Today is World Password Day, and cyber security for you, your company, and your employees is hugely important. That’s why we have compiled a few tips for creating and enacting a strong password policy for your company.
Make sure your employees know what your password policy is.
Create a set of rules that includes the number of letters, numbers, and symbols they must use. Set up a schedule for when employees should and must change their passwords. But don’t change them too often. A strong password will last for at least a year. Encouraging employees to change them more often than that will result in the same password with just a change in the numbers or special characters, and those passwords are easily hacked.
The 8 + 4 Rule
This rule allows employees to create secure passwords using just 8 characters. Create a password that includes 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character. Keep it to 10 characters or fewer and space out your numbers and special characters throughout your password. When they are right next to each other, it is easier to guess them.
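As an added example (not part of the original post), the 8 + 4 Rule can be checked when a password is created with a small Python function. It assumes a minimum length of 8, that "special character" means ASCII punctuation, and that each class must appear at least once; the function name and sample passwords are constructed for illustration.

```python
import string

MIN_LEN, MAX_LEN = 8, 10  # "8 characters" and "10 characters or fewer"

# Assumption: the four character classes are plain ASCII sets.
CLASSES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}
NON_LETTERS = CLASSES["digit"] | CLASSES["special"]


def check_8_plus_4(password):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []

    # Length window taken from the rule as written on the page.
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")

    # At least one character from each of the four classes.
    for name, alphabet in CLASSES.items():
        if not any(ch in alphabet for ch in password):
            problems.append("missing " + name)

    # Numbers and special characters must be spaced out, not side by side.
    for left, right in zip(password, password[1:]):
        if left in NON_LETTERS and right in NON_LETTERS:
            problems.append("adjacent")
            break

    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for sample in ["Tr7ee#Hou", "Summer1!", "password", "Ab1!"]:
        result = check_8_plus_4(sample)
        print(sample, "->", "ok" if not result else ", ".join(result))
```
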
Enforce your password policy.
There should be consequences when someone doesn’t comply with the rules of the policy. What those consequences may be is up to you, but unless you enforce the policy every day, employees will continue to make bad cyber security decisions.
Create a lockout after someone tries to log in with an incorrect password.
Forgetting your password is a normal, everyday occurrence, so setting a lockout after, let’s say, 4 unsuccessful attempts will give that employee a chance to remember their password or change it the next time they are able to log in.
Keep it weird.
Encourage your employees to be as weird as they want when creating a password, as long as it keeps you secure and they will be able to remember what they created. However, stay away from references to pop culture, sports, music, film, etc. They are easy to guess, especially if it’s something that you have made known that you like.
Don’t:
- Share passwords via electronic means
- Use personal information
- Write passwords down
- Use the same password for everything
- Tell anyone what your password is
- Create a password that contains an acronym, especially if it describes the department you work in