Happy New Year!
This is the first in a series of monthly information security awareness posts to help our clients stay ahead of security problems by informing their employees of common security best practices, recent trends and threats, and advice on what to do if the bad guys get you!
This month, Passwords.
Nobody likes them, we have too many of them, and it's the sort of thing that we get lazy about, which can leave both us as individuals and the companies we work for vulnerable to all sorts of bad things. Identity theft, data loss, financial loss, reputation loss: you name it, you can lose it with bad password habits.
What can we do?
Strong Passwords and Passphrases
It starts with strong passwords. Strong passwords are those that contain multiple types of characters: a letter, a number, and a symbol. Different systems may restrict the use of special characters, and most (but not all) corporate logins will enforce this rule for you. Good passwords should:
- Be 8 or more characters in length
- Contain an upper case letter (A-Z)
- Contain a lower case letter (a-z)
- Contain a number (0-9)
- Contain a special character (~!@#$%^*&;?.+_)
- Be different for each system you access
Never use common things like your name or your company name. Use different passwords for different functions, and avoid mixing your personal passwords with your work identities. That way, if you lose one password, you only have to worry about one system.
That’s going to be a lot of passwords, so you may want to ask your IT department to install a…
Password Management Software Package
To manage all these, we recommend you use a password manager such as KeePass. It’s free, and a decent way to keep track of all these things I just told you that you needed. Of course, make sure you protect it with a strong passphrase, constructed according to the above guidelines!
There are lots of packages that do this; your IT department may suggest a different one. They store your passwords safely, and give you the ability to recall them and automatically paste them into web sessions. They can usually generate secure passwords for you, which takes the guesswork out of good construction.
Keep it secret! Change them regularly!
Finally, don’t give your passwords to ANYONE! There are very few (some may argue zero) circumstances where someone other than you needs your password. If someone claims they need it, ask, and when in doubt, escalate to a manager, IT, or your local Information Security office. Don’t rely on the “Save Password” feature in your browsers. Don’t put it in an email. Don’t give it out on the phone.
Good password hygiene suggests you change your password at least every 60 – 90 days, and your IT department may force that change. If it doesn’t, change them every now and then. Don’t use a password that’s been around for more than a year. If you lose control of any of your passwords, change it immediately, and inform your IT department.
Keep it secret, keep it safe.
If you have any questions, ask your local IT resource, or email us. We are here to help!