
Good Password Policy May Not Be Sufficient

It is a fact that complex passwords are not as strong as most people think. It is estimated that 80% of cyber breaches are due to weak passwords, potentially putting businesses at risk of losing millions. Password security depends on treating cyber security as a bigger issue, because every individual who has a work or private internet account has a password, and most personal and company data is now hidden behind those passwords. A good password policy may not be sufficient, but it helps reduce cyber breaches if the individual or organization takes care of password management.

This makes an organization’s cyber security dependent on its rank-and-file employees because every staff member with a password to access corporate systems or data is potentially a weak link in the organization’s cyber security chain.

Never treat your passwords as traditional keys. People don’t make multiple copies of keys so that they can leave them anywhere; likewise, passwords should be taken care of, and users should stop writing passwords down on bits of paper and throw them away.

Passwords are sometimes made so complex that their owners can’t remember them, and they are sometimes lost or not updated. Most companies believe that a good password alone cannot be enough to protect their data and systems against intruders.

So How Can You Infer That a Password Is Perfect?

  • Strong Password: The secret to a strong password is neither making it the longest nor the most complicated, but making it personal to the user, so that it can be remembered easily and the user doesn’t have to write it down.
  • Simplifying Password Management: Formula-based (algorithm-based) passwords have many advantages over traditional passwords. They are personalized to each employee, who logs in with special characters and numbers (employee ID), which makes them easy to remember.
  • Under Organization’s Control: Password vaults centralize the whole process of creating and updating passwords, which enables an organization to take control of cyber security. These vaults also help in identifying the strongest password, recent password changes and failed login attempts.
  • Two-Factor Authentication: Organizations must use two-factor authentication to increase the number of hoops a potential attacker has to jump through. They should also use air-bridge or gapping mechanisms to ensure different devices and networks are isolated and have different “ratings” of security depending on the sensitivity of the data or system.


Ref: Computer Weekly | SecurEnvoy


Priyanka Aash

Priyanka has 10+ years of experience in Strategy, Community Building & Inbound Marketing and through CISO Platform has earlier worked with marketing teams of IBM, VMware, F5 Networks, Barracuda Network, Checkpoint, and more. Priyanka is passionate about Entrepreneurship and Enterprise Marketing Strategy. Earlier she co-founded CISO Platform- the world’s 1st online platform for collaboration and knowledge sharing among senior information security executives.