Back in the day the advice was to change your passwords often, sometimes as often as every 14 days. Well, we all know that is simply a pain in the backside. This was before modern authentication methods and mentalities came into effect.
That’s now bad advice, and here is why.
Because cyber security threats are a lot worse today than they’ve ever been. Even if all of your passwords are complex and unique, malware and phishing attacks can still expose them given the right environment. That being said, a strong password is still more secure than a weak password, but it’s arguably less important than having the right password policies and processes in place.
Some malware reads each key that’s typed into your keyboard, exposing everything that’s entered. And phishing attacks can encourage people to log in to fake websites, handing over their passwords without realising it. So how do you protect your business?
If you have the option to use multi-factor authentication, turn it on. That’s where you generate a code/text/call/prompt on a separate device to prove it’s really you logging in. It’s not foolproof, but it can prevent the majority of cyber-criminals from accessing your systems. Turn it on everywhere it’s available. And even look at changing settings to force all employees to use it as well.
Also look at giving your users limited permissions, so that even if a computer is hacked, malicious software has less chance of making changes.
Check out this Microsoft article explaining MFA in more detail – Here
So what do we suggest?
Password Policy Tip 1 – Use multi-factor authentication
Office 365 and Windows 10 support MFA right out of the box, and it’s completely free with their Authenticator app. Once it’s enabled on your user account, it’s a simple case of authenticating your computer via text, call or security PIN. Once authenticated, you won’t have to authenticate your device again unless you make hardware or other major changes. This will protect you from 90% of external breach attempts.
We have helped many customers configure MFA, and in reality it takes a few minutes per user. Did we also mention the Microsoft Authenticator app is free?
Windows 10 can also be configured to require 2 login methods at the point of login, so if you have a biometric-enabled device you can set both a password and a fingerprint, for example.
Password Policy Tip 2 – Use a strong password
It goes without saying that you should avoid using ‘password’, but also consider using something that is not linked to you, so avoid birth dates, pet names and street addresses. Instead, focus on a keyword that is not personal but is still easy to remember, and then build complexity around that. If you are a keen cyclist then B!cycle2021#123 is a good candidate. It has all the elements covered: capital letters, symbols and numbers, and it’s more than 8 characters.
Password Policy Tip 3 – Consider a password manager
Something like LastPass can allow you to keep multiple passwords for your accounts and still be protected through a single master password. This is far more secure than using the same password for all your logins. Failing that, you can password-protect an Excel file (with a strong password) and keep your passwords within that.
Password Policy Tip 4 – Use private browsing and sign out!
If you need to access sensitive information, especially from a public or high-traffic computer, start using in-private (incognito mode) tabs. These do not track your journey in the same way normal browsing tabs do, and your passwords, cookies, etc. will not be remembered.
Also remember that just because you have closed your web browser down, that does not mean your various portals are safe. Many online portals, including financial pages, will keep sessions ‘alive’ even after a user has closed down, so remember to hit SIGN OUT every single time to avoid the next user logging into your social media accounts or credit card history.
If you need any advice on your digital security, get in touch today to find out how we can get things moving.