As a business, IT security should be your primary concern. Although passwords have been around since 1961, they can be one of the first steps in keeping your business safe but can often be the weakest link.
Password Policies and Procedures
Having a standard policy for passwords – e.g. Minimum character count, at least 1 capital letter, 1 number and 1 symbol – is a good start to improve this typically weak area.
All of this however will be inevitably in vain if you, as a company, do not have proper procedure in place to follow regarding passwords.
This could include for example:
- Not disclosing your password.
- Not leaving your password written on a document left lying around the office.
- Not left cached inside browser windows.
Having a set procedure in place for your staff to follow can be crucial in making sure your business stays safe and secure.
The impact of non-secure passwords
A weak or non-secure password can cause a plethora of issues for you as a business.
Your password is the key to accessing your accounts and your systems, especially on the cloud, which means a weak password is like leaving the key in a lock. Having the same password for multiple accounts across your business can be likened to that same key being able to open all the other doors.
Once those doors are open your business is vulnerable, this could be in the form of ransomware or data theft or a whole host of other issues that could plague your business.
These threats could cause business downtime leading to a loss of time and money whilst you try to fix the problem and recover from it, not to mention GDPR.
Password Managing Applications
A password manager is an application that both generates secure passwords and stores those passwords to be used later. All you need is to remember your 1 master password to access the application.
Advantages of these are:
- You only need to remember one secure password.
- You can then use large strong generated unmemorable passwords for every other service, as you don’t need to remember those.
- They can be auto filled to your website login boxes so you don’t even have to type them in making logins to websites almost immediate.
- Works across multiple devices. The phone APP and chrome browser extension work in tandem, so your passwords are all with you, wherever you go.
As an extra layer of security, you should turn on two factor authentication (2FA) which we will cover later. This would mean that to access your password management software you would need a code generated on your mobile phone app typically google authenticator or a variant of that to login.
What we recommend
Here at Bowe, we recommend our businesses follow a standard business procedure for passwords.
This standard procedure involves:
- Changing passwords at every agreed interval – 30 days recommended
- Having a minimum of 8 characters to a password, at least 2 numbers and including at least 1 special character within the password.
We encourage this to try and make sure all our partners are as secure as they can be and limit the risk of potential threats to their business.
If in doubt you can check your password on https://www.haveibeenpwned.com/passwords to see if your password is on a password breach list of approximately 555 million passwords. If it is, change it immediately. Password breach lists are used by hackers to attempt access to accounts. The is serviced by https and is ran by trusted security researcher Troy Hunt.
Two factor Authentication
Anytime two factor authentication is available we recommend you set it up. It is worth noting two factor authentication through SMS is not as secure as google authenticator 2FA due to the possibility of a sim swap attack. This involves someone persuading your mobile phone carrier to swap your mobile number to their new number with a story that they have got a new phone. If they can convince the mobile phone carrier to change it, or by answering the security questions correctly, then your two factor codes will go to the attacker allowing them to reset your password and gain access to your accounts.
For the highest security two factor authentication, we recommend using a Yubikey. These are USB devices which have a button on them for you to press when generating a code.
You will have heard of Face ID and finger print scanning. These are a way of proving that you are you. These are a great way of adding additional layers of security if the option is available to the system.
There are many ways in this day and age to protect your online accounts from hackers and a multi layered approach is always best. If there are ways of adding extra security so you are not just relying on a password to gain access to systems, then those should be investigated.
Top Image Credit: Technology vector created by slidesgo – www.freepik.com