5 Secrets to Password Security in 2022

There is no sure-fire way to make sure you're 100% secure 100% of the time when it comes to password security. Cyber-security, in general, is an always-evolving landscape, so it's essential always to do your best to stay one step ahead of hackers. Today, password security is the front line of defense, so in this blog, we talk about 5 secrets to keeping your passwords, and by extension, your data safe.  

1. Set Password Requirements.

    

In today’s cyber-world, passwords can be treated as currency in the worst ways possible. Having a simple and easy-to-remember password should now be frowned upon, especially when it comes to protecting your company’s data. To combat any passwords being stolen from you or your employees, set complex password requirements for your business. Passwords that are no shorter than 12 characters and use a combination of numbers, letters (capitals and lowercase), and symbols/special characters are a great place to start. The longer and more complex the password, the harder it will be to crack.

2. Use a random password generator.

    

In a perfect (secure) world, no one would actually know their password off the top of their head. This may seem counterproductive since if you don’t know your password, you won’t be able to access anything, but let us explain. As mentioned in our first secret, the days of using a simple and easy password are no longer here, and if your password is easy to remember, then the odds of it being easy to crack are much higher. Using a random password generator not only allows for secure complex passwords to be created for you, making the job of thinking of one easier, but it also takes the human element of remembering your password out of the equation. Bad actors are no longer just using phishing emails to retrieve sensitive information such as passwords; they also use social engineering tactics to get the information right from the source. Not even knowing the password to an account you use daily lessens the likelihood that your password could be stolen from you by someone who may be posing as a co-worker, colleague, or even friend.

1. 1. 1. 1. 3. 1 Password per 1 Account.

Again, once a password is captured by a bad actor, it can be traded like currency in the darkest corners of the web. Making sure you and your employees have a different password for every account they have access to is the best way to keep the value of your passwords as low as possible. Having a different password for each account can be cumbersome, but it’s one of the best ways to make sure that if your password is cracked for any 1 account, it doesn’t leave you vulnerable on any others. It’s easy to have to change 1 password if it’s cracked; it’s entirely different from having to change dozens of passwords due to one account being compromised.

1. 1. 1. 1. 4. Password vault applications are your best friend.

Writing down your password or keeping a note on your phone is no more secure than it would be just to have 1 password for every account that is easy to remember. So how do you keep track of them without compromising your security? That is where password vault applications come into play, and they can be one of your best security investments of all when it comes to keeping your data and accounts safe. These applications often use 1 “Master” password, which you create, along with some other form of verification (FaceID, TouchID, multi-factor authentication, etc.) to keep all your passwords in one secure location. There are dozens of applications out there, from free options like Keepass, Keychain Access (MacOS), and 1Password, to more advanced, paid options with more features such as LastPass, NordPass, and Keeper. Having a password vault keeps your passwords securely in one place and allows you to follow secrets 1 thru 3 listed above more easily.

1. 1. 1. 1. 5. Utilize multi-factor authentication.

Lastly, and possibly most importantly, the utilization of multi-factor authentication on any account where it can be turned on is a highly recommended password security tool. If you are a Summit Hosting customer, we offer this to you through our Summit Secure Workspace suite. Multi-factor authentication is used to make sure the person signing into an account is who they claim to be. If your password is ever compromised on an account that has MFA enabled, you will receive an alert for an attempted login. If you are not the person who is trying to log in and you receive an alert, you can easily deny access and instantly know that the password to that account needs to be changed as soon as possible.At Summit Hosting, we do everything we can to keep your data secure within our environments, and we believe that security should be on the top of any business owner’s mind. Password security and protection is just the first layer of security for your business, but it doesn’t have to be a weak layer. By using these 5 secrets to password security, you can rest assured that the security and safety of your business are off to a strong start.   To learn about other cybersecurity best practices, contact our team of Cloud Productivity Experts, check out our cybersecurity blog series, or read about how we keep your server and data safe using Summit Secure Workspace.