October 24, 2017

Categories: Security

9 Tips to Strengthen Password Security

October 24, 2017

Passwords have long been a challenge for users and system administrators.  Users generally dislike all the rules that system admins require, but they are still necessary.  Here are 9 tips to help strengthen your passwords.

1. Change passwords at least every three months for non-administrative users and 45-60 days for admin accounts.
2. Use different passwords for each login credential.
3. Avoid generic accounts and shared passwords.
4. Conduct audits periodically to identify weak/duplicate passwords and change as necessary.
5. Pick challenging passwords that include a combination of letters (upper and lower case), numbers and special characters (e.g. <$>, <%> and <&>).
6. Avoid personal information such as birth dates, pet names, and sports.
7. Use passwords or passphrases of 12+ characters.
8. Use a Password Manager such as LastPass where users need just one master password.
9. Don’t use a browser’s auto-fill function for passwords.

 

An advanced and under-used password security tip to consider is two-factor authentication, which is a way for websites to double confirm an end user’s identity. After the end user successfully logs in, they receive a text message with a passcode to then input in order to authenticate their ID.

This approach makes sure that end users not only know their passwords but also have access to their own phone. Two-factor authentication works well because cybercriminals rarely steal an end user’s password and phone at the same time. Leading banks and financial institutions enable two-factor authentication by default, but if not, the service can often be turned on by asking the website to do so. More and more non-financial websites are now offering two-factor authentication as well.