EOL IT Services has now merged with tier1 Asset Management Ltd

Passwords and the Post It Note Culture

by | Oct 21, 2014 | IT Security

It’s becoming increasingly difficult to ignore the constant reminders about how important it is to keep online security at as a high a level as possible. However, even after this security obsession, we still continue to leave passwords to sensitive business systems and confidential data on pieces of paper on our desks for anyone to see.

Of course, we have to keep a reminder of all of these passwords somewhere, but these Post It notes are most definitely not the solution.

Does your business have a policy on passwords?

Here are 5 things that your policy could include:

1. Use Strong Passwords

Of course, having a strong password is the first step to keeping confidential business information safe. Here’s what a strong password should and shouldn’t include:

  • A strong password should not contain any part of the user’s name
  • It should contain a minimum of 6 characters
  • It should contain, at minimum, 3 of the 4 following categories
  • Uppercase letters
  • Lowercase letters
  • Numbers, from 0 to 9
  • Non- alphanumeric characters, such as !, *, %, #

2. Define the Age of Passwords

Giving age limits to your password means that, if an attacker should learn the password (or create their own) it will only work for a specified amount of time. These password age limits also mean that passwords cannot be changed until they have reached the specified number of days old.

The length you allow a password age to be is totally dependant on what is suitable for your business, but between 30 to 90 days is the usual recommendation.

3. Use a Password Vault

It’s highly likely that, if you’re running a business, you will have hundreds of accounts for which you will also have a password. It would be nigh on impossible to remember each and every of these different passwords, therefore you must store them somewhere.

As mentioned earlier, notes on your desk are most definitely not the place to do this. Instead, password vaults work in a way that all passwords stored in it are encrypted. Then you, and whomever else you give access to the vault, has a master password (that should be complex and regularly changed) in order to access the other passwords.

Password managers such as 1Password and LastPass, are great choices that work cross platform and cross device.

4. Be Twice as Vigilant with Emails

Email accounts hold a plethora of different pieces of confidential information about businesses, thus passwords for these accounts should be especially sophisticated. This is especially true for those sites and accounts that have a ‘Forgotten Password’ tool.

Once a hacker has access to your email account, they, in theory, have access to most of your others.

As a rule of thumb, treat your email security as you would your bank account security.

5. Enforce an Account Lockout Policy

The idea of a lockout policy is that it will block and prevent access to anyone that does not succeed in entering the correct password after a specified number of times. The only issue with these policies is that as well as locking out potential attackers, they can also lock out authorised users.

You should ensure that, before the user is locked out, they are allowed a sufficient number of password attempts. This will prevent authorised users being locked out for simply mistyping the password.

Being prudent with passwords and introducing formal password policies are the number-one way to prevent breaches in your systems. While these can still happen, even with a sound policy, your business will be at a much lower risk of falling victim to them.

[Photo Credit: marc falardeau ]

Recent Stories

The Hidden Environmental Impact of Our Smartphones.

The Hidden Environmental Impact of Our Smartphones.

Checking emails, social media or the news; banking, making payments, taking photographs, finding our way; it is fair to say that we would be lost without our smartphones, perhaps literally. Oh, let’s not forget, our now indispensable devices also make calls. Essential...

Delivering Social Value Through Our Business Operations

Delivering Social Value Through Our Business Operations

We have become increasingly aware of economic, social and environmental issues. Our renewed sense of community, which naturally came into focus during Government lockdowns, furthered the opportunity for ethical businesses to drive social impact, rather than simply be...

Navigating the Subjectivity of Refurbished IT Devices

Navigating the Subjectivity of Refurbished IT Devices

Reconditioned, renewed, pre-owned… as there are no hard and fast definitions of what the phrase ‘refurbished technology’ means, purchasing restored devices can feel a little like navigating a minefield. This confusion, poor experiences or deep-rooted misconceptions...

Categories