While most business owners advise their employees not to share their passwords with anybody else, hackers may still try to access company accounts without your people’s knowledge. Unfortunately, some security advice that has become common knowledge may not be as effective as the general public believes. In this article, we’ll discuss a few misconceptions about certain tips on making stronger passwords, and why your employees should either follow or reconsider them.
Tip #1: Use at least 12 characters for each password, if the applications or websites allow it, because longer passwords are more difficult to guess.
The Verdict: Effective
Even adding only one extra character to the end of your password will make it harder for password-cracking tools to find the right combination. According to an article on Infosecurity Magazine, a password containing eight characters would only take an automated tool a little less than four days to crack. Going to the other extreme, a password that’s 28 characters long would take nearly 18 years for a machine to crack.
Tip #2: You can use a short password, as long as you mix up all the characters so that they form a random string of alphanumeric characters and symbols.
The Verdict: Effective, but only against humans
Most employees are told not to use a complete word from the dictionary, as this could make them vulnerable to dictionary attacks. However, mixing up different types of characters only makes it harder for other human beings to guess your password. Properly calibrated hardware or software, on the other hand, can easily go through thousands, if not millions, of character combinations in a short amount of time.
Tip #3: Regularly requiring employees to change their passwords every few months will make all business accounts more secure.
The Verdict: Ineffective
A recent study by The University of North Carolina, titled “The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis,” found that users who had to change their passwords all the time tended to follow certain patterns, such as adding or removing just one character or replacing letters with symbols that looked similar. Because hackers can use this old data to observe how the user thinks about creating passwords, it becomes easier for them to guess even more passwords for the other accounts that the user owns.
Keep Your Business Updated on the Latest Cloud Security Practices
These are only a few of the myths surrounding strong password creation, and there are other methods your company must implement to build up defenses against possible data breaches. Setting up two-factor authentication, along with maintaining the usual policies discouraging the sharing of passwords, can add an extra layer of security to all accounts. Though this may all seem like a lot of extra effort, it is only a drop in the bucket compared to the large sums of money you could lose by allowing a tiny crack in the system to stay unprotected.