Passwords are critical gateways to your company’s databases and networks. But they’re also potential open doors for hackers. Up there with “password” and “qwerty” in the Hack Me Hall of Fame are passwords that are short common terms like team names, dog breeds, dates and other easy-to-guess options. They’re risky on two fronts, according to the Federal Trade Commission. First, an up-to-no-good insider will take one look at the screensaver of an employee’s adorable sheepdog Ralphie and immediately try “sheepdog” and “Ralphie.” Second, common words are particularly susceptible to dictionary attacks, the tech equivalent of the million monkeys at a million typewriters that systematically try every conceivable word until they hit pay dirt. When creating passwords, remind your employees to skip those obvious choices. This is one time when good spelling can lead to bad results.
Longer passwords are better, of course, but they can be harder to remember. So how can businesses balance security and practicality? The FTC suggests considering the passphrase as an alternative. Hackers aren’t likely to guess a nonsense word like “iwtraranaped,” but the guy in the next office who plays in a Kiss cover band on weekends will instantly remember “I want to rock and roll all night and party every day.” Careful companies layer in mandatory numbers, symbols, or cases, making “iW2r+ran+ped!” an even stronger option. If your business requires employees to change passwords periodically, the Ace Frehley wannabe can simply move on to the next line of the song.
Here are some tips on building strong passwords.
A Strong Password Should:
- be at least 8 characters in length
- contain both upper and lowercase alphabetic characters (e.g. A-Z, a-z)
- have at least one numerical character (e.g. 0-9)
- have at least one special character (e.g. ~ ! @ # $ % ^ & * ( ) - _ + =)
A Strong Password Should Not:
- spell a word or series of words that can be found in a standard dictionary
- spell a word with a number added to the beginning and/or the end
- be based on any personal information such as family name, pet, birthday, etc.
- be based on a keyboard pattern (e.g. qwerty) or duplicate characters (e.g. aabbccdd)
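The two lists above can be turned into an automated check. The following Python sketch is an added example, not part of the original article: the function name `check_password`, the small word set and the keyboard-row list are assumptions made for illustration, and the dictionary rule is narrowed to a single word with digits or symbols padded onto either end.

```python
import re

# Special characters from the article's example list (dash taken as ASCII "-").
SPECIALS = set("~!@#$%^&*()-_+=")
# Constructed stand-ins: a real check would load a full dictionary plus each
# user's personal terms (family names, pets, birthdays).
SAMPLE_WORDS = {"password", "sheepdog", "ralphie", "dragon", "baseball"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Every 4-character run along a keyboard row, forwards and backwards.
KEY_RUNS = {seq[i:i + 4]
            for row in KEYBOARD_ROWS
            for seq in (row, row[::-1])
            for i in range(len(seq) - 3)}


def check_password(pw, words=SAMPLE_WORDS):
    """Return the rules from the two lists that pw breaks (empty = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[A-Z]", pw) and re.search(r"[a-z]", pw)):
        problems.append("needs both upper and lowercase letters")
    if not re.search(r"[0-9]", pw):
        problems.append("needs a digit")
    if not any(c in SPECIALS for c in pw):
        problems.append("needs a special character")

    lowered = pw.lower()
    # Strip digits and symbols from both ends so "Sheepdog1!" and
    # "123dragon" reduce to the underlying word.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core in words:
        problems.append("dictionary or personal word")
    if any(run in lowered for run in KEY_RUNS):
        problems.append("keyboard pattern")
    # Three doubled characters in a row, e.g. "aabbccdd".
    if re.search(r"(?:(.)\1){3}", lowered):
        problems.append("duplicate characters")
    return problems


if __name__ == "__main__":
    for candidate in ["iW2r+ran+ped!", "Sheepdog1!", "qwerty", "aabbccdd"]:
        print(candidate, "->", check_password(candidate) or "ok")
```

"Sheepdog1!" meets every composition rule in the first list and is still rejected, which is why the second list matters as much as the first.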
The following are vital suggestions for using passwords:
- Do not share your password with anyone for any reason.
- Change your passwords periodically—at least every three months.
- Do not write your password down or store it in an insecure manner. Never store a password in an unencrypted electronic file or use the “save my password” feature on websites for important passwords.
- Do not use automatic logon functionality on websites or devices.
- Avoid reusing a password.
- Avoid using the same password for multiple accounts or sites.
- If you have an in-home Internet router, change the default password. Each router ships with a basic default username and password combination, and leaving it unchanged makes it easier for hackers to break into your network.
Copyright © 2004-2017 American Land Title Association. All rights reserved.
This article has been used and reprinted with the permission of The American Land Title Association. The material is for general information purposes only and is not to be relied upon or used for any particular purpose. Title Industry Assurance Company, RRG, CPIM, Inc., and The American Land Title Association shall not be held responsible in any way for, and specifically disclaims any liability arising out of or in any way connected to, reliance on or use of any of the information contained or referenced in this article. The information contained or referenced in this article is not intended to constitute and should not be considered legal or professional advice, nor shall it serve as a substitute for the recipient obtaining such advice.