Your IT Support Experts - Homepage

We partner with many types of businesses in the area, and strive to eliminate IT issues before they cause expensive downtime, so you can continue to drive your business forward. Our dedicated staff loves seeing our clients succeed. Your success is our success, and as you grow, we grow.

Home

About Us

IT Services

Understanding IT

News

Blog

Contact Us

Support

(703) 359-9211

Free Consultation

Interested in seeing what we can do for your business? Contact us to see how we can help you! Sign Up Today

Macro Systems Blog

Macro Systems has been serving the Metro Washington, DC area since 1997, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

A Guide on Best Practices for Creating Strong, Safe Passwords

A Guide on Best Practices for Creating Strong, Safe Passwords

Protecting your online accounts, your data, and your clients’ information is now more critical than ever. Industry and state-mandated compliances are now forcing businesses to tighten their cybersecurity, and it’s imperative that every human being on the Internet take their own personal security seriously. This guide is designed to offer the best practices for strong passwords.

Why Do Good Password Habits Matter?

You may think, “Oh, it’s just my Facebook, Netflix, Hulu, Google, or Amazon account, what do I really have to lose?”

Well, there is a lot to lose, and it could affect your employer as well.

Poor password habits are one of the leading causes of modern cybersecurity problems. People are using the same passwords across multiple accounts, and often use passwords that can easily be guessed or brute-forced (a process where a hacker tries thousands of common passwords and combinations to gain access to an account). Using the same password across multiple platforms is a massive issue, and responsible for many recent high-profile cyberattacks, such as the Disney+ attack we saw last November.

If someone uses the same password on their Netflix account for their work email (or some other work account) then they are putting their company’s security in the hands of Netflix. If Netflix is involved in a data breach, that user’s business is compromised as well.

There are No Shortcuts

Alas, there is no easy, secure way to check to see if a particular person’s password is unique. There is no network policy that will somehow know if the user is using the same password for their Amazon account or their personal email or their eBay account.

We can force strong passwords all day long, but users will make it easier for themselves by using common shortcuts that will make it easier to remember passwords. That includes using common password terms, and putting an exclamation mark at the end to satisfy the “use a symbol” requirement. If many people do it, it doesn’t help security. Remember, the hackers can see password trends when big data breaches happen.

Password Rules Every Person NEEDS to Live By

Rule #1 - Don’t Use the Same Password Twice

Today, this is the most imperative rule. You might feel like a savant with a very complex password memorized, but if you use it across multiple platforms, you are putting yourself at risk. Data breaches happen all the time, and as soon as a company like Netflix, Yahoo, Microsoft, Google, or literally any other online entity gets breached, hackers start to try all those accounts everywhere else. They might be trying your password on other services before you learn about the data breach.

Rule #2 - Use Strong Passwords That Can’t Be Guessed

If I know you reasonably well, would I be able to guess your password? If you are using your dog’s name and your birthday as a password (muffin091356) to lock down your bank account, you aren’t doing much to keep anyone out. On top of that, common phrases and words are often guessed pretty quickly when a hacker uses their tools to try to force their way into an account.

Most sites require numbers in their passwords. Maybe your favorite baseball player is Kobe Bryant, so you use his jersey number as a go-to for your passwords, or you use the number 42 because you are a big fan of The Hitchhiker’s Guide to the Galaxy. If someone knows you well enough, would they be able to guess that? All you are doing is leaving tiny chinks in your armor.

Rule #3 - Use 2-Factor/Multi-Factor Authentication

2FA (also known as Multi-Factor, MFA, 2-step verification, and a slew of similar names) is when you need one more method to prove you are actually you when logging into a site. Generally this involves having a text message sent to your phone, a code sent to your email, or a code generated from an Authentication app on your phone that you key in after you have used the correct password.

This means nobody can get into your account unless they have access to your phone or email. Obviously there are still ways around this - a hacker could intercept your text messages or gain access to your email, but this is a lot more difficult than simply guessing a password (provided that your passwords are unique).

Setting up 2FA on your email accounts, social media profiles, bank accounts, and anywhere you possibly can will enhance your overall online security by a lot. Not all accounts and services offer 2FA yet, but those who take security seriously do.

Rule #4 - Don’t Store Passwords Insecurely

To be perfectly clear - your passwords don’t belong on a sticky note adhered to your monitor. They don’t belong in a text document called “passwords” on your desktop. They don’t belong in your email inbox. They don’t belong on a note in your phone.

The only safe way to store passwords is in an encrypted state, behind another strong, unique password. There are specific tools designed to store passwords - for example, KeePass, Dashlane, 1Password, and LastPass are highly-rated password managers designed to store passwords. These tools work great for individuals, provided they are used properly and locked down with a secure password and 2FA.

For your business, we can work with you to determine the best solution for you and your employees to protect and store company-wide passwords.

How to Make Good Password Habits Simple

We realize that, in order to have healthy password habits, we are asking you to complicate your everyday life by making it harder to get into your Netflix account. It’s an inconvenience we all have to force ourselves to live with.

That being said, there are ways to make it easier without compromising your security.

Invest in a Password Manager

We briefly mentioned this in Rule #4. Password managers like KeePass, Dashlane, 1Password, and LastPass are great, cost-effective options for getting control over your passwords. For the individual home user, we often recommend LastPass for its ease of use and the free account will usually be enough for most. For businesses, we recommend you give us a call at 703-359-9211 so we can discuss your requirements before you or your staff start dumping passwords into a third-party tool.

Password Managers make it easy to use long, complex passwords because they remember everything for you and are easy to access from your browser and mobile device. Logging into your Amazon account on your laptop? If you are signed into your password manager, it should be able to autofill the login form for you. Logging into Netflix on your smart TV? Pull out your phone and go into your password manager and bring up the password. 

Most password managers even let you randomly generate secure passwords and save them automatically.

Use Passphrases Instead of Passwords

A passphrase is a string of several random words used as a password. Scientifically, a passphrase is harder to crack than a standard password, and easier to remember.

For example, if your password was ‘racecar’ but you were trying to be clever and include the required numbers and symbols, you might make your password ‘r@c3car’ or ‘racec@r96’ or ‘racecar96!’ Either way, this is a relatively easy password for a machine (or an equally clever human being) to guess.

Instead, by chaining several random (the key word here is random) words together, you can create a password that is easy to remember but extremely hard to guess.

What might these random words look like? 

Happy Apple Saxophone Ruler

Add a few random numbers and special characters, and we’ve got a password that is easy to remember, but would take forever to crack. A hacker running a tool that makes 1000 random guesses every second would take centuries to guess this password:

$MoodyBananaAccordionGenius@772

(Please, hopefully it doesn’t need to be said, but don’t use the example password above for any of your accounts.)

If the words are truly random, meaning someone who knows you well won’t be able to guess them, you’ve got a strong password that is easy to remember.

The Short Version

We want to make this easy for business owners and office managers to share this advice with employees who aren’t thinking about company security on a day-to-day basis.

  • Don’t, under any circumstance, use the same password twice.
  • Use strong, random passwords that can’t be guessed, and that don’t contain identifiable information such as names, birthdays, and interests.
  • Always use two-factor/multi-factor authentication when available.
  • Don’t store passwords in text documents, emails, sticky notes, or anywhere else they could be found.
  • Use a password manager for individual home use (and an enterprise-level password manager for business use).
  • Use random passphrases to make complex passwords that are easier to memorize.

In Conclusion - Invest Energy into Educating Others

From a business owner or office manager’s perspective, one of your biggest cybersecurity vulnerabilities are your employees. This doesn’t mean your end users aren’t intelligent, compassionate people who want the best for their employer, but they probably don’t understand the liability that comes with not having good password habits.

We encourage that you take time in educating your staff and sharing resources like this, and promoting healthy online habits both at the office and at home. We would be happy to offer cybersecurity guidance for your business, and a part of that can include educating your staff on ways to protect both themselves and sensitive company information from being compromised online.

Want to learn more? Give Macro Systems a call at 703-359-9211.

A List of Services Macro Systems Can Provide For Y...
What Should a Successful Business Continuity Plan ...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, November 21, 2024

Captcha Image

Customer Login


Contact Us

Learn more about what Macro Systems can do for your business.

(703) 359-9211

Macro Systems
3867 Plaza Drive
Fairfax, Virginia 22030