Cyber Security Awareness Month is in full effect, sparking a lot of great ongoing discussion across social media channels and Internet forums using #CSAM. We thought we’d use the occasion to highlight the foundation of any strong security protocol – the password.
Here are five tips for getting your password protocols and requirements right.
- One is Never Enough
Bud showed us long ago the importance of choosing strong passwords. We’ll assume that everyone in your company is already using passwords that meet minimum requirements set to safeguard security. And, we’re assuming that these passwords are actually passphrases to add complexity. If not, setting proper requirements is a great place to start.
The question then becomes if your workers are using enough passwords. We constantly hear about password breaches and leaks. If you’re using a single password, thieves have access to every online account you own. A leaked mobile app password opens access to financial services, corporate networks and so much more.
In the case of a breach, you must proactively remember each account, log in and change your password. Or, you can create individual passwords for each online account to minimize major security threats if your one and only password is compromised.
- Get a Manager
Better yet, get a password manager. Using a different password for each online account is very difficult for most people – if not impossible. Using a password manager simplifies the proposition and can help ensure compliance.
- Change is Good
Even strong and unique passwords can be stolen or leaked. The scary part is that we don’t always know about the leaks. Thieves often lay in wait for months to use stolen credentials. The answer is to change your passwords on a regular basis – at least every 120 days. You changed your clocks and replace your smoke detector batteries – change your passwords too (only more frequently). At a minimum, be sure to change your password when there is a known issue or breach.
- Turn On Two-Factor Authentication
Even strong, unique and frequently changing passwords can be stolen or leaked. Two-factor authentication helps to mitigate the damage of a stolen password. Consider implementing a two-factor authentication system in your organization.
We’re particular fans of SMS authentication codes. Primarily because they offer an easy second token that almost anyone can use. Also be sure to encourage your workers to use two-factor authentication whenever it’s offered by a website or cloud service.
- Stay Up-to-Date
Security leaks and threats appear and evolve rapidly. You need to stay up-to-date on the latest leaks, fixes and patches. We provide a weekly overview on our WatchGuard Security Center blog. Subscribe to receive email updates and you’ll receive each update in your inbox.
Again, October is Cyber Security Awareness Month. Make sure you are cyber aware and stay tuned for more security updates right here on the WatchGuard Smart Security Blog.