For years, we’ve been told that strong passwords include three things: upper- and lowercase letters, numbers, and symbols. And why wouldn’t we believe it when every credible security organization has told us that these are the minimums needed to create strong passwords?
Here’s why not and how it involves you.
The issue is that people are creating lazy passwords, using capitalization, special characters, and numbers that are easy to predict, like “P@ssW0rd1.”
This may seem secure, but in reality, these strings of characters and numbers could easily be compromised by hackers using common algorithms. To make matters worse, people don’t change their passwords regularly, and when they do, most only add one number or symbol, which is again not really adequate.
This amounts to passwords that are hard for humans to remember but easy for computers to guess. Recently, the view on what makes a secure password has changed.
The new accepted norm touted by security experts is to advise enterprises to use multifactor authentication (MFA) in login policies.
This requires users to present two valid credentials to gain access to their data. For instance, a code texted to an employee’s smartphone can serve as an added security measure to thwart hackers.
Moreover, security experts suggest implementing long passphrases of 16 characters or more (preferably 25), such as “correctmyachingback” or “iknewtherewastroublewhenwalkedin7843”. These are much more difficult to guess and less prone to hacking. As for the frequency of changing passphrases, it will depend on a company’s risk tolerance.
Simply put, passwords should be longer and combine nonsensical phrases and English words in ways that are almost impossible for an automated system to make sense of.
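As an added illustration (not code from the original article), the Python below runs the article's own example passwords through a legacy composition check and through a length-based passphrase check that also undoes predictable substitutions. The word list, substitution table, 8-character legacy minimum and function names are assumptions constructed for this example.

```python
import re

# Constructed sample of common base words (assumption); a real deployment
# would load a full breached-password list instead.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin"}

# Substitutions people typically use to satisfy composition rules (assumption).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

MIN_PASSPHRASE_LEN = 16  # minimum passphrase length suggested in the article


def meets_composition_rules(pw: str) -> bool:
    """Legacy rule: upper, lower, digit and symbol, at least 8 characters."""
    return (len(pw) >= 8
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def is_predictable(pw: str) -> bool:
    """True if the password reduces to a common word once the appended
    digits/symbols are stripped and the substitutions are undone."""
    core = re.sub(r"[\d\W_]+$", "", pw)  # drop the trailing "1", "!", "2024"
    return core.lower().translate(LEET) in COMMON_WORDS


def evaluate(pw: str) -> dict:
    """Compare the legacy policy with the length-based passphrase policy."""
    predictable = is_predictable(pw)
    return {
        "legacy_rules_pass": meets_composition_rules(pw),
        "predictable": predictable,
        "passphrase_pass": len(pw) >= MIN_PASSPHRASE_LEN and not predictable,
    }


if __name__ == "__main__":
    for sample in ("P@ssW0rd1", "correctmyachingback",
                   "iknewtherewastroublewhenwalkedin7843"):
        print(sample, evaluate(sample))
```

“P@ssW0rd1” satisfies every legacy rule yet normalizes to a common word, while both passphrases fail the legacy rules and pass the length-based check.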
So in summary, you should enforce the following security solutions within your company:
- Multi-factor authentication
- Single sign-on: allows users to securely access multiple accounts with one set of credentials
- Account monitoring tools: recognize suspicious activity and lock out hackers
If you’d like to learn more about security options, just give us a call at 757-500-5054.
Senior Solutions Architect