- Implement Long Passphrases
For many years, users have combined numbers and symbols to create stronger passwords, but it didn’t take cyber criminals long to catch on. These attackers simply started making the same substitutions, swapping letters in a word for numbers or symbols, such as ‘e’ for ‘3’ and ‘s’ for ‘$’, and automated tools now crack simple substitutions like these with ease. Users must memorize dozens of difficult passwords nowadays, so most would rather let their browsers remember them instead. These practices put password security at risk, so you should consider implementing long passphrases. One technique is to take the first letter of each word in a memorable phrase; length is key, and complexity is a plus.
- Two-Factor vs. Multi-factor Authentication
Two-factor authentication (2FA) has become a standard for managing access to corporate servers: users must now confirm their identity with a one-time code sent to their mobile device or with a personalized USB token. Two-factor and multi-factor authentication solutions are used by businesses of all sizes seeking to keep confidential data secure. They help lower the likelihood of identity theft, as well as phishing scams, because criminals cannot compromise a login with the username and password alone. Multi-factor authentication (MFA) is an additional security layer that lets businesses address the weaknesses of a standard password-only approach. To check how your own passwords hold up, here’s a useful way to test: https://howsecureismypassword.net.
- Ensure a Secure Connection
There is currently a wide range of devices and locations from which corporate networks can be accessed, yet hackers can still steal passwords if employees use unsecured Wi-Fi connections or devices that don’t belong to them. To secure your Wi-Fi network, use Wi-Fi Protected Access 2 (WPA2), which applies stronger wireless encryption. For businesses with remote workers, consider providing a VPN through which users can connect securely to corporate servers, since all the traffic is protected inside the VPN tunnel.
- Add Advanced Authentication Methods
While passwords are still the most commonly used authentication method, there is a growing tendency to adopt more advanced, non-password-based approaches. Instead of passwords, users can be authenticated through biometric verification, such as logging into an iPhone with a thumbprint using Touch ID or signing in to a Windows 10 PC with facial recognition. These methods allow the system to identify users by recognizing their fingerprints, faces, irises, voices, or heartbeats.
- Apply Password Encryption
Encryption provides additional protection for passwords even if they are stolen by cyber criminals. There is a widespread tendency to use reversible encryption or to apply only simple one-way hashing, but these methods are ineffective, because an attacker who obtains the password database can easily crack and compromise the passwords. Instead, consider using non-reversible, end-to-end protection for passwords, which also protects them in transit over the network. Be aware that storing password files in plain text is dangerous: there are many cases where hackers have compromised an enterprise’s password database and walked away with a wealth of unencrypted passwords.
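Putting the passphrase advice and the non-reversible storage advice above into working code, as an added example that is not from the original article: a policy check that rejects a short, symbol-substituted dictionary word in favour of a long passphrase, and password storage using a salted, deliberately slow one-way hash (PBKDF2 via Python’s hashlib) with constant-time verification. The length threshold, iteration count, substitution map and the tiny blocklist are constructed assumptions, not values from the article.

```python
import hashlib
import hmac
import os
import re

# Policy values below are illustrative assumptions, not figures from the article.
MIN_PASSPHRASE_LENGTH = 16
PBKDF2_ITERATIONS = 600_000
# Common letter-for-symbol swaps (the article's 'e'->'3', 's'->'$' and similar).
LEET_MAP = str.maketrans({"3": "e", "$": "s", "@": "a", "0": "o", "1": "i",
                          "!": "i", "4": "a", "5": "s", "7": "t"})
# Tiny constructed blocklist standing in for a real breached-password list.
WEAK_BASE_WORDS = {"password", "welcome", "letmein", "summer"}


def is_substituted_weak_word(candidate: str) -> bool:
    """True if undoing common substitutions yields a blocklisted word."""
    base = re.sub(r"\d+$", "", candidate.lower())   # drop a trailing digit run
    base = base.translate(LEET_MAP)                  # undo symbol/digit swaps
    base = re.sub(r"[^a-z]", "", base)               # ignore leftover punctuation
    return base in WEAK_BASE_WORDS

def passes_policy(candidate: str) -> bool:
    """Length is the primary requirement; substituted dictionary words fail."""
    return (len(candidate) >= MIN_PASSPHRASE_LENGTH
            and not is_substituted_weak_word(candidate))

def hash_password(password: str, salt: bytes = None) -> str:
    """Store only a salted, deliberately slow one-way hash, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    # Self-describing record, so iterations can be raised without breaking old rows.
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    expected = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(expected, bytes.fromhex(digest_hex))

if __name__ == "__main__":
    for pw in ["P@$$w0rd", "W3lc0me2024", "correct horse battery staple"]:
        print(f"{pw!r}: policy {'ok' if passes_policy(pw) else 'rejected'}")
    record = hash_password("correct horse battery staple")
    print(record, verify_password("correct horse battery staple", record))
```

The stored record contains only the algorithm, iteration count, salt and digest, so a stolen database yields nothing that can be reversed into the passphrase; an attacker can only guess and pay the full PBKDF2 cost per guess.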
Stolen or weak passwords are still the most common cause of data breaches, so businesses, whether large or small, should pay very close attention to password security policies and password management. By adopting some of these recommended best practices, you can create an effective password security policy and provide stronger protection against unauthorized access.