The security of your systems and business in general is likely something that you are concerned, if not worried, about. While it is true that many businesses have security systems in place, the weakest link is often the password. In an effort to ensure that passwords remain secure, many companies adopt password policies. But are these policies really effective? If you are in the process of implementing a password policy, or are looking for a way to ensure that your business is as secure as possible, you need to be aware of at least four common password policy pitfalls.

1. Complex password requirements aren't complex at all

One of the most common elements of a password policy is the requirement that passwords be complex. Many require that the password has at least one number, or a special character like '!' or '&', and possibly even a capital letter. While this may seem like it serves to make passwords more complex, many users will often use a simple password and replace words with a character, or add it at the end. This really doesn't make the passwords complex, it just makes them more difficult to guess.

Because so many systems have these requirements in place, hackers have started to include these factors when they develop password crackers. This means that they are still able to guess many passwords relatively quickly.

2. Lack of a lock-out

A common way hackers get into systems is through a method called brute force. This is essentially entering different passwords and variations until you come across the correct password. While this method can take a while, if your password system doesn't have a lock-out rule - whereby the account becomes locked after a set number of failed attempts - you will eventually see a security breach.

3. Password changes are forced too often

In order to keep systems secure, many companies force their users to change their passwords on a regular basis - usually every 90 days. While this is a good idea, some take it a bit too far, for example forcing employees to change passwords every two weeks. This may seem like a good idea, but all it does is encourage users to pick easy to remember passwords. And, any password that is easy to remember is likely easy to guess too.
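The lock-out rule from point 2, as an added example that is not part of the original post: a tracker that locks an account after a set number of consecutive failures and resets the count on a good login. The limit of 5 is taken from the 3-5 range the post mentions; the 15-minute lock duration, the names and the sample events are assumptions made for this illustration.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 5          # the post suggests a limit of 3-5 attempts
LOCK_SECONDS = 15 * 60    # assumption: the post gives no lock duration


@dataclass
class LockoutTracker:
    failures: dict = field(default_factory=dict)      # account -> consecutive failures
    locked_until: dict = field(default_factory=dict)  # account -> unlock timestamp

    def record(self, account, success, now):
        """Apply one login attempt; return 'ok', 'failed' or 'locked'."""
        if now < self.locked_until.get(account, 0):
            return "locked"                    # refused, even if the password was right
        if success:
            self.failures.pop(account, None)   # a good login resets the counter
            return "ok"
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= MAX_FAILURES:
            self.locked_until[account] = now + LOCK_SECONDS
            self.failures.pop(account, None)
            return "locked"
        return "failed"


def replay(events):
    """Run (timestamp, account, success) events through a fresh tracker."""
    tracker = LockoutTracker()
    return [tracker.record(acct, ok, ts) for ts, acct, ok in events]


# Constructed sample: alice mistypes twice, then logs in; bob's password is guessed at.
SAMPLE = [
    (0, "alice", False), (5, "alice", False), (9, "alice", True),
    (10, "bob", False), (11, "bob", False), (12, "bob", False),
    (13, "bob", False), (14, "bob", False),
    (15, "bob", True),                   # correct password, but the account is locked
    (14 + LOCK_SECONDS, "bob", True),    # the lock has expired
]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", outcome)
```

The honest user who mistypes twice is never locked, while the guessing run is cut off at the fifth failure and stays cut off until the lock expires.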

4. Only focusing on digital passwords

Because the number of password protected systems we use is increasing, many business users are struggling to remember all of the passwords they use. When this happens, the easiest solution is to write them down. When making a note of passwords, most people don't take any steps to hide them, often leaving a sticky note attached to their monitor or written in a notebook casually left open on their desk. Needless to say, this is a real security issue.

How should I ensure a strong password policy?

Here are four actions you can take to ensure not only stronger passwords, but a policy that is effective.
  1. Try using passwords that are sayings and have spaces. Believe it or not, a random saying like "rude horses get pizza" is actually way more secure than any one word password with characters. Take a look at this XKCD comic for an interesting graphic on passwords.
  2. In order to minimize passwords and systems falling to brute force attacks, you should set a lock-out rule. It should be fair in that you shouldn't lock users out of their accounts if they fail one attempt. Most companies using this method set a limit of 3-5 attempts.
  3. You should ensure that your passwords are changed on a regular basis - most companies set every 90 days, and this is fine. In order to maximize security, it is a good idea to set it so that the same password and numbers can't be used, because most employees will just enter another number or character at the end or beginning. In other words, ensure the password is as different as possible.
  4. The most obvious point is to remind your employees not to write their passwords down and leave them in an easy to find area. If they have to write passwords down, tell them to use a code or even hide the piece of paper/lock it away in a secure safe. The other step you could implement is two-factor authentication, such as a user needing to enter a numerical code or piece of information when trying to access a system. Implementing a system like this and recording it in the policy will greatly reduce the chances of your passwords being stolen.
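One way to enforce action 3 at password-change time, as an added example that is not part of the original post: reduce each password to the word or phrase the user actually remembers, then reject a new password whose core matches the old one. The substitution table, the 0.8 similarity limit and the sample passwords are assumptions made for this illustration; the comparison needs the old password in plaintext, which is only available when the user types it in during the change, never from the stored hash.

```python
import re
from difflib import SequenceMatcher

# Character-for-letter swaps users make to satisfy "complexity" rules (illustrative set).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

SIMILARITY_LIMIT = 0.8   # assumption: tune against your own policy


def core(password):
    """Reduce a password to the word or phrase the user actually remembers."""
    p = password.lower()
    p = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", p)   # digits/symbols added at either end
    p = p.translate(LEET)                        # substitutions inside the word
    p = re.sub(r"[\W_]+", "", p)                 # spaces and punctuation
    return p or password.lower()                 # all-digit/symbol input: keep as typed


def too_similar(old, new):
    """True when the new password is the old one with cosmetic changes."""
    a, b = core(old), core(new)
    return a == b or SequenceMatcher(None, a, b).ratio() >= SIMILARITY_LIMIT


if __name__ == "__main__":
    # Constructed sample passwords: (current, proposed)
    for old, new in [("Summer2015!", "Summer2016!"),
                     ("P@ssw0rd1", "password!23"),
                     ("Summer2015!", "rude horses get pizza")]:
        verdict = "reject" if too_similar(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```

The same `core` function shows why the "complex" passwords in point 1 add so little: a number or symbol swapped in or tacked on disappears after one normalization pass.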
If you are looking for help with your password policy, or with the security of your business and systems, please contact us today.
 


Comments

12/10/2015 2:13pm

Passwords are getting stolen every day, it's crazy

12/11/2015 2:00am

Passwords are like our secrets of business or life, many times they can be stolen by anyone. Thanks for sharing your views about password policies.

10/11/2016 4:34am

The only problem of security measures is the user - all the other is 99% secure!

10/11/2016 4:34am

Just try to use all cases in your password like upper and lower case, special signs and digits!


You shouldn't use the same password for all of your services and keep them on a notebook, real notebook!

12/10/2016 8:09am

Thank you for sharing such good tips regarding making our password protected in such a way, that it should be easy to read nor write. However, only that person should remember the password.

12/22/2016 1:50am

Much obliged to you for helping us to make the answers on this errand with your site intriguing and compensating this.

12/22/2016 2:00am

Thank input you give on your site offers a decent motivation for my life, particularly my work.

02/23/2017 8:59pm

I am very grateful for having permitted to endorse at this place. I feel very honored to give a little noise to progress together. Hopefully this decision is right and to those who elected mandate hopefully can run with good, honest and discreet. Create for some people but it will give a very remarkable effect on everyone. All will be positive when carrying out the mandate properly. In accordance with the statutory provisions in force.

03/06/2017 1:46am

A password is one of the best sources to secure you. Recently, advanced types of security systems were invented to secure your home, and you can set a password at your home door by using that device.

05/21/2017 12:16pm

This is an informative post, especially since companies nowadays require a password in order to get access to their data. I usually do the first policy and I realize that I should stop doing that. I should mix the numbers and special characters in random phrases; that way the password will be secured. Companies should at least conduct changes every two months and not every two weeks because employees will have a hard time remembering it. I will bookmark your blog so that I can read your updates since they are handy.
