As cybercriminals get bolder and more sophisticated, protecting your organization becomes more challenging. Verizon’s recent Data Breach Report states that 81% of hacking-related breaches leveraged stolen and/or weak passwords. In the report, a breach is defined as an incident that results in the confirmed disclosure of data to an unauthorized party. Getting employees in the habit of practicing good password management is key to reducing potential vulnerabilities.
So, What Can You Do?
Using good password practices is not difficult. A little forethought on your part can save you lots of time, money and aggravation in the long run. We recommend the following to help you establish good password management habits in your organization.
Create a “Passphrase”. A passphrase is a series of random words or a sentence. Passphrases are longer than passwords and can contain spaces between words. Because they are longer and more complex, they are a better defense against the most efficient password-cracking tools. These tools tend to break down at around 10 characters, which means even the most advanced cracking tool won’t be able to guess, brute-force or pre-compute your passphrase.
How to create a strong passphrase:
- Avoid Using Obvious Personal Information. It is easier for hackers to guess your passwords if they reference personally identifiable information such as your birthday or your middle name.
- Use a phrase and incorporate shortcut codes or acronyms. Memorizing all these passwords may be difficult; to make it easier on yourself, incorporate phrases and shortcut codes or acronyms you will easily remember. To prevent someone from hacking these phrases, you should also add random characters between the words.
  - For instance, the phrase “I love dark chocolate” translates to the strong passphrase i<3d@r&ch0c0L8mmm
- Use the 12 + 4 rule. Use 12 characters with 4 different character types. The more complex the better.
  - At least one upper case (avoid using this as the first letter of your passphrase)
  - At least one lower case (avoid using this as the last character of your passphrase)
  - At least one special character
  - At least one number
  - Don’t bunch the special characters and numbers: make sure they are separated throughout the passphrase to ensure a stronger password.
- Use UNIQUE Passphrases. Always use different passphrases for your various accounts: if one of your accounts gets hacked, you do not want to be using the same passphrase across multiple accounts.
- Change your Passphrase every 3 months. In order to maximize security, make sure you do not repeat any of your past passphrases.
- Use a Password Manager. In order to remember all these passphrases, you should use a password manager to store them in an encrypted, centralized location, which you can access with a master password. (Don’t lose that one!)
- DO NOT Write your Passphrases Down Anywhere. They can easily be taken this way and your accounts can be hacked. Sticky notes with your passphrases written on them are a thing of the past.
- NEVER share your Passphrases with Anyone. If you share your passphrases with others you are technically hacking yourself! What’s even worse about sharing your passphrases is that you can be blamed for actions under your name once the hacker goes into your accounts.
- Implement Two-Factor Authentication. Two-factor authentication requires you to input a PIN that will be sent to you via email, text or even a call. Two-factor authentication is extremely effective against hackers and takes security to the next level.
- Educate Your Employees. You’re only as strong as your weakest link. By teaching employees about these basic password management concepts, organizations can ensure their employees understand their responsibilities in protecting company resources against threats.
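The 12 + 4 rule from the list above can be checked automatically, for example when a new passphrase is set. The following is an added example, not code from the original article; the function name, the treatment of spaces as special characters, and the threshold of three or more adjacent numbers/special characters counting as "bunched" are assumptions.

```python
MIN_LENGTH = 12        # the "12" in the 12 + 4 rule
MAX_NONLETTER_RUN = 2  # assumption: 3+ adjacent numbers/specials are "bunched"


def char_class(ch):
    """Map a character to one of the four types the rule names."""
    if ch.isupper():
        return "upper"
    if ch.islower():
        return "lower"
    if ch.isdigit():
        return "digit"
    return "special"  # assumption: spaces and punctuation both count as special


def check_12_plus_4(passphrase):
    """Return a list of findings; an empty list means the rule is satisfied."""
    findings = []
    if len(passphrase) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")

    classes = [char_class(c) for c in passphrase]
    for needed in ("upper", "lower", "special", "digit"):
        if needed not in classes:
            findings.append(f"no {needed} character")

    # Position advice from the list: no upper case first, no lower case last.
    if classes and classes[0] == "upper":
        findings.append("upper case in first position")
    if classes and classes[-1] == "lower":
        findings.append("lower case in last position")

    # Find the longest run of adjacent numbers/special characters.
    run = longest = 0
    for cls in classes:
        run = run + 1 if cls in ("digit", "special") else 0
        longest = max(longest, run)
    if longest > MAX_NONLETTER_RUN:
        findings.append(f"{longest} digits/specials bunched together")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, plus the sample passphrase from the list above.
    for sample in ("i<3d@r&ch0c0L8mmm", "Password1234!", "m4ple-Tr3e_w@lk9"):
        print(sample, "->", check_12_plus_4(sample) or "OK")
```

Run against the sample passphrase i<3d@r&ch0c0L8mmm from the list, it reports only the lower-case-in-last-position finding.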