In a world where biometric authentication is becoming more common, the need for strong text-based passwords is still a key priority for businesses to protect the integrity of their sensitive information, and that of their clients. Firms should not discount the importance of a strong text-based password.
According to Statista, a 12-character password containing at least one upper case letter, one symbol and one number would take up to 34,000 years for a computer to crack, while a password of 8 standard letters (which contains 209 billion possible combinations) could be cracked by a computer instantly (Buchholz, 2021).
Passwords such as “password,” “123456,” and “qwerty” may have been more common when mobile devices with physical keyboards were synonymous with professional services providers. But with more and more application services for professionals requiring some form of password authentication, managing and remembering strong passwords can feel like a daunting task. Even so, one should never resort to using a single password for all or most of their applications.
The following guidelines can help mitigate the chances of a password hack and subsequent claim against you and your firm:
Password Policy
Creating a password policy will not only help with compliance, but also help guide employees on the importance of password management and the implications should there be a data breach. Employees should acknowledge they have read their firm's password policy, and an appropriate contact should be provided if there are any questions or if an employee has a concern about a potential breach.
Social Media Hygiene
Your child’s name and your pet’s birthday are popular passwords because they are easy to remember given their significance in your life, but they are also some of the easiest to crack because people love to share their life moments on social media. For those not active on social media, your connections may share group moments on their profiles, which also creates an exposure for a password breach. This doesn’t mean you should go cold online, but ensure your password is not derived from anything you or your friends post to social media.
Safe Password Storage
Firms should look to secure a password manager service for their employees. Password managers provide an encrypted and secure solution for employees to store their various passwords while needing to remember only one master password. There are several types of password managers available, ranging from free to paid versions, and for individual consumers as well as enterprise solutions.
Consistent Training
Firms should provide training for their employees as part of their onboarding process and periodically throughout the year, including what steps to take should there be a suspected data breach. As machine learning models become more sophisticated and become a tool that bad actors deploy to hack into sensitive data, firms should stay up to date on the latest trends in password management.
For more information on how to manage your passwords, contact:
Chris de Sousa Costa, MBA // 647.242.7469 // cdesousacosta@purvesredmond.com
Works Cited
Buchholz, K. (2021, December 1). Statista. Retrieved from Statista.com: https://www.statista.com/chart/26298/time-it-would-take-a-computer-to-crack-a-password/