Ask Yourself; Is Your Password Safe?

Nizam Shamsudin, Reflex Media
Published Jan 11, 2023 (2 min read)

Whether it is your work account or your personal email account, unless you have SSO enabled, a password is most likely required to access it. As mere humans, we tend to choose the same password for different accounts or sites, because that is more convenient than remembering many of them.

However, with the recent increase in cybercrime, it is important that we continue to safeguard ourselves personally and professionally. This is why a Password Management Policy is one of the most important policies to have in any organization, be it a media company, a tech or finance firm, or even a 3-person startup.

Photo by Nahel Abdul Hadi on Unsplash

Here are the top 4 most important points to have in any Password Management Policy.

Use a Password Management Tool

Password management tools like Bitwarden or LastPass allow you to generate and better manage your complex passwords, especially if you have multiple accounts. This avoids the need to physically write down your password on a sticky note or save it in Notepad, which is also a no-no!

These tools also allow you to securely access your passwords from anywhere via a browser or a mobile app.

Unique password for every account

To minimize the risk of brute-force attacks and security breaches, do not reuse passwords, and avoid using easily guessable and identifiable information such as your name, birthdate, or other personal information in your passwords.

Best practice is to use passwords that are at least 8 characters long and include at least:

  • a lowercase letter,
  • an uppercase letter,
  • a number, and
  • a special character (e.g. # or %)
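To make the two points above concrete (no personal information, no reuse, and the four character classes with the 8-character minimum), here is an added example of a small policy checker and a generator of the kind a password manager runs; it is illustration code written for this post, not part of any product mentioned here. The special-character set used for generation and the sample user ("Alice", born 17 May 1990) are constructed assumptions.

```python
import secrets
import string
from datetime import date

# Constructed set of special characters for generation; the policy above names
# "#" and "%" as examples, and validation accepts any punctuation character.
SPECIALS = "#%!@$&*?"
MIN_LENGTH = 8  # minimum length stated in the policy above


def birthdate_tokens(birthday: date) -> list:
    """Date fragments people commonly embed in passwords (year, DDMM, MMDD, full dates)."""
    return [
        birthday.strftime("%Y"),
        birthday.strftime("%d%m"),
        birthday.strftime("%m%d"),
        birthday.strftime("%d%m%Y"),
        birthday.strftime("%Y%m%d"),
    ]


def check_policy(password: str, personal_info=(), previous_passwords=()) -> list:
    """Return the list of policy violations; an empty list means the password complies.

    personal_info: strings (name, birthdate fragments) that must not appear.
    previous_passwords: earlier passwords for this account (reuse is rejected).
    A real system would compare salted hashes rather than keep plaintext history.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    lowered = password.lower()
    for item in personal_info:
        # ignore very short fragments that would match almost any password
        if len(item) >= 4 and item.lower() in lowered:
            problems.append(f"contains personal information: {item}")
    if password in previous_passwords:
        problems.append("password was used before")
    return problems


def generate_password(length: int = 16) -> str:
    """Generate a random password that satisfies check_policy, as a password manager would."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:  # rejection sampling: retry until every character class is present
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_policy(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample user: name "Alice", born 17 May 1990
    personal = ["Alice", *birthdate_tokens(date(1990, 5, 17))]
    for pw in ["password", "Alice1990!x", "Tr0ub4dor&3", generate_password()]:
        print(f"{pw!r}: {check_policy(pw, personal) or 'OK'}")
```

The generator uses the `secrets` module rather than `random`, since a password must come from a cryptographic random source; the checker reports every violation at once so a user sees the full list instead of fixing one rule at a time.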

Enable 2-Factor Authentication (2FA)

“2FA is an identity and access management security method that requires two forms of identification to access resources and data.”

In simple terms, 2FA helps to identify and verify that you are the legitimate owner of the account you are accessing. 2FA also helps to reduce your vulnerability to rainbow table attacks.

Google Authenticator is an example of a virtual (software) 2FA device, while the HSBC Security Device is an example of a physical 2FA device.

Regular update of passwords

It is common best practice to update your passwords at least every 90 days to reduce the risk of a security breach or even a brute-force attack.

Secured or critical systems like online banking or financial systems may require a shorter period, such as 30 days.

Of these 4 top pointers, which have you implemented in your password management practices? Or are these new to you? If you have other key pointers, comment your suggestions below!
