Today, more than 35 percent of small enterprises, as well as almost 20 percent of medium-sized businesses, utilize weak passwords in their day-to-day operations. This statistic contributes to the continued targeting of small- to medium-sized businesses (SMBs) by hackers, which is why SMBs make up more than 60 percent of data breaches. The subsequent cost leads to more than half of affected SMBs closing within six months.
In response, companies of all sizes are redirecting their focus to employee security practices, such as password creation. As standards for password creation and memorization continue to evolve, it’s essential for every organization to learn how to create a secure password now and in the future.
How to Remember a Strong Password
Here are five practices and tactics companies are suggesting employees implement to create and remember strong passwords.
1. Avoid Personal or Pop Culture Passwords
Users, whether on business or personal accounts, often choose a password that’s defined by their relationships, hobbies and traits, information that’s usually accessible to the public via social media, people search websites or another public resource. Other features found in weak passwords are pop culture references, well-known phrases and traditional swaps for letters, numbers and symbols, such as “1” for “l” or “@” for “2.”
As a result, it’s critical your staff avoids personal or pop culture passwords. Instead, teach them how to create a secure password that’s impersonal and original.
2. Create a Password With the Passphrase Method
Today, security professionals recommend a password of at least 12 characters, featuring symbols, numbers and both upper- and lower-case letters. In many cases, these requirements lead employees to re-use their passwords across accounts, which is an absolute security risk. A trusted tactic for how to create a strong password, per these industry standards, is the Passphrase Method.
If you’re familiar with the Passphrase Method, it’s undergone an update in the past few years. Initially, it focused on stringing together four common, unrelated words into a phrase, such as “correct horse battery staple,” sans the spaces. That’s still applicable today. However, it’s now recommended to combine six words to create a secure password. When sharing this technique with staff, it’s paramount to emphasize that the words must have zero relation to one another.
Additional techniques for how to create a strong password include the Bruce Schneier Method and the Person-Action-Object (PAO) Method.
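The Passphrase Method described above, as an added example (not code from the original article): words are drawn with a cryptographic random source so they have no relation to one another, and the entropy helper compares four words, six words and a 12-character random password. The word list is a constructed sample, and the 7,776-word list size used for the figures is an assumption.

```python
import math
import secrets

# Constructed sample list so the example runs offline. It is far too small for
# real use; the entropy figures below assume a 7,776-word list (assumption).
SAMPLE_WORDS = [
    "anchor", "biscuit", "canyon", "dolphin", "ember", "fiddle", "glacier",
    "hammock", "igloo", "jigsaw", "kettle", "lantern", "magnet", "nutmeg",
    "orchid", "pebble", "quiver", "radish", "saddle", "thimble", "umpire",
    "velvet", "walnut", "xylem", "yogurt", "zipper", "acorn", "bramble",
    "cobweb", "dagger", "easel", "ferret",
]

def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy when each pick is drawn uniformly and independently."""
    return picks * math.log2(pool_size)

def words_needed(pool_size: int, target_bits: float) -> int:
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))

def generate_passphrase(words, count: int = 6, sep: str = ""):
    """Draw `count` words with the OS CSPRNG; returns (phrase, chosen words)."""
    pool = sorted({w.strip().lower() for w in words if w.strip()})
    if len(pool) < 2 or count < 1:
        raise ValueError("need at least two distinct words and count >= 1")
    # Independent draws: a person picking "random" words tends to pick related ones.
    chosen = [secrets.choice(pool) for _ in range(count)]
    return sep.join(chosen), chosen

if __name__ == "__main__":
    phrase, _ = generate_passphrase(SAMPLE_WORDS)
    print("sample passphrase:", phrase)
    print(f"4 words from 7,776: {entropy_bits(7776, 4):.1f} bits")
    print(f"6 words from 7,776: {entropy_bits(7776, 6):.1f} bits")
    print(f"12 random printable ASCII chars: {entropy_bits(94, 12):.1f} bits")
```

Six words from a list of that size land within about one bit of a fully random 12-character password, which is why the move from four words to six matters.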
3. Use a Password Management Tool
The increasing standards for password creation continue to challenge users, specifically with memorizing an impersonal, 12-character password that’s nonsensical. The introduction of password management tools offers a solution to the frequent question of how to create a secure password you’ll remember. Several platforms for password management are available, including the cloud-based LastPass and 1Password. Password management tools with local storage options are also in use, like KeePass.
The advantage of a password management tool is its ability to streamline password memorization, encrypt passwords and support industry standards for secure passwords. If you choose to introduce a cloud-based password management tool into your company, however, it’ll require every employee to create a master password, which they’ll store outside of the application. That’s why it’s vital to encourage employees to choose a secure password, as well as a safe space to keep it.
Due to varying technical levels, remember to explain the use and difference between a password management tool and an internet browser’s password-saving features to your staff, as well.
4. Provide Non-Traditional Answers to Security Questions
Answers to security questions, such as your mother’s maiden name, your high school’s mascot or your favorite movie, are widely available today due to social media and people search websites. Now, users must provide answers that mimic their passwords — impersonal. In many instances, your company’s preferred password management tool should also store your security question answers, which alleviates memorization concerns.
Staff can utilize some of the above techniques for password creation, like the PAO Method, to build secure security answers.
5. Implement Multi-Factor Authentication
Still, the creation of secure passwords and security answers does not guarantee protection from hackers. It does, however, decrease the chance of a successful attack. To further protect your company’s data and employee accounts, use two-factor authentication. Several applications are available for use, including Google Authenticator and Authy, which Dropbox and LastPass support.
A newer method, one-button authentication, is undergoing development by Google and Blizzard, but its age and lack of support make it a non-option for companies.
Why Passwords Are Only One Part of Online Security
The above tips are useful for how to create a secure password for professional and personal accounts, but they encompass only one portion of online security. For businesses, there are several other components to a well-rounded security approach, including encryption, data security and compliance with industry standards. In response, many organizations rely on an in-house IT team, as well as a third-party service provider for securing their operations.
To demonstrate this relationship, consider the necessity of an organization, such as in the financial or medical sector, to deliver a virtual document with confidential information to a client or patient. The use of a secure document delivery service, such as from Softlinx, provides the necessary encryption and proper authentication to ensure the document and its sensitive data remain protected. It also complies with HIPAA and PCI DSS, meeting the standards of these markets.
As a result, online security encompasses global and local features. Across your business, for example, you may require HIPAA compliance and the use of a company-approved password management tool. The passwords your staff creates, however, may occupy a more localized level in your security plan with specific standards for password creation and storage.
Secure Your Company Data With Softlinx
At Softlinx, we’ve delivered cloud-based fax and secure document delivery services for more than 20 years to organizations throughout the medical, financial and insurance sectors, as well as to world-class technology providers, such as Microsoft, Cisco and IBM. By focusing on security, compliance, reliability and 24/7 support, we’ve become a trusted and respected partner to companies of all sizes.
Learn more about our HIPAA- and PCI-compliant solutions for your industry by contacting us today.