Secure Password Advice for Small Businesses

In the modern online age, you can never be too careful with your passwords

Every small business has passwords, whether it is to access their email, webmail, website, blog, online accounts, log in to trading platforms, online banking etc.

But how secure is your password?

Here we present some secure password advice for small businesses to help them choose a secure password in the first place and then to keep those passwords safe.

Choose a Secure Password in the First Place

The whole point of having a password is that you are the only one who knows that password. Having default passwords is not very clever because, although a would-be trespasser might not KNOW your password, you don’t want it to be easy to guess.

For example, Gary McKinnon, the famous British “hacker” gained access to numerous US defence computers using the most simple and obvious passwords, the ones that any potential intruder would guess first. These included default and even blank passwords. McKinnon wrote a script to search for blank passwords on the remote systems and accessed numerous US military and NASA computer networks.

Hard-to-guess passwords are the best, and the more complicated the better. In fact, password is a bit of a misnomer because passphrases are better and, whilst difficult to break, are often easier for users. Using this well-known line from a song lyric we get:

First I was afraid I was petrified

Now, you need to get rid of the spaces:

FirstIwasafraidIwaspetrified

We’ve now got a reasonable length, 28 character password that will be more difficult to break than a shorter password.

These are, however, still easily recognised words that can eventually be cracked using software, so it is good to substitute letters with numbers and/or special characters.

F1rst1w@s@fr@1d1w@spetr1f1ed

Simply by switching all the ‘i’s for ‘1’s and ‘a’s for ‘@’s, we have a simple-to-remember password with an easy-to-remember method of disguising the passphrase – and there is not one easily recognisable word in that phrase after we’ve applied our trickery to it.

If you want to skip all that you can use this random password generator to provide you with from 1 to 100 24-bit passwords.

Then Keep it Safe

I don’t know how many times I’ve seen users’ passwords written on Post-It notes and stuck to the monitor bezel on a desktop PC. Don’t do it – It’s almost not worth having a password if you are going to do that.

The best place for passwords or phrases is your memory, along with the process you applied to make them more secure. If you can remember birthdays and anniversaries then it should not be too hard to remember a strong passphrase and the method you used to disguise it.

If you do have to write the password down make sure it is in a very safe place. How about a safe or strong deposit box? Make sure it’s not obvious to anyone else but yourself what the password is and what it is for.

Remember – what would you do if you lost your password? Many systems have methods for resetting passwords if you lose or forget them but, in the cases where you do not have a password reminder or reset, you absolutely MUST remember your password or you could lose access to all your precious data etc.

DO NOT

  • Do not use blank or default passwords e.g. admin, password
  • Do not use consecutive numbers – e.g. password123
  • Avoid repeat numbers – e.g. password111
  • Do not use short passes – e.g. pass
  • Do not use the same password for everything
  • Do not stick your password on a Post-It note on your monitor

DO

  • Use as long a password as you can manage. At least 8 characters is a good start but you really want a 20 character password.
  • Use a combination of upper and lower case letters, and use numbers and special characters too e.g. P@ss!Ng53cUr3!y
  • Do try and use a passphrase wherever possible, choose a memorable phrase, saying, lyric…
  • Do try and change your passwords regularly. Some systems force a password change every 60 days for security reasons.
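
The checkable rules from the DO and DO NOT lists above can be enforced at the point where a user sets a password. The following Python sketch is an added example, not part of the original article; the function names and the choice of three digits in a row as the threshold for "consecutive" and "repeat" numbers are assumptions.

```python
import re
import string

DEFAULT_PASSWORDS = {"", "admin", "password"}  # the defaults named in the list above
MIN_LENGTH = 8   # the article's "good start"
RUN_LENGTH = 3   # assumed: how many digits in a row count as a run


def has_consecutive_digits(pw, run=RUN_LENGTH):
    """True if pw contains `run` digits each one higher than the last (123)."""
    streak = 1
    for prev, cur in zip(pw, pw[1:]):
        if prev in string.digits and cur in string.digits and int(cur) - int(prev) == 1:
            streak += 1
            if streak >= run:
                return True
        else:
            streak = 1
    return False


def has_repeated_digits(pw, run=RUN_LENGTH):
    """True if pw contains the same digit `run` times in a row (111)."""
    return re.search(r"([0-9])\1{%d,}" % (run - 1), pw) is not None


def check_password(pw):
    """Return the rules from the DO / DO NOT lists that pw breaks."""
    problems = []
    if pw.lower() in DEFAULT_PASSWORDS:
        problems.append("blank or default password")
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if has_consecutive_digits(pw):
        problems.append("consecutive numbers")
    if has_repeated_digits(pw):
        problems.append("repeated numbers")
    classes = [
        ("upper case letter", str.isupper),
        ("lower case letter", str.islower),
        ("number", lambda c: c in string.digits),
        ("special character", lambda c: c in string.punctuation),
    ]
    for name, test in classes:
        if not any(test(c) for c in pw):
            problems.append("no " + name)
    return problems


if __name__ == "__main__":
    # Sample inputs are the examples used in this article.
    for sample in ["", "admin", "password123", "password111", "pass", "P@ss!Ng53cUr3!y"]:
        print(repr(sample), check_password(sample) or "passes")
```

An empty list means the password passes every rule checked here; password reuse and Post-It notes cannot be detected by a check like this and still need to be covered by policy.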

Good luck with your password policy and make sure you enforce it across your business to ensure that all your users are safe and secure, because it could cost your business dearly if you allow your security to be breached.

Remember to integrate your password practices with your email policy, your internet policy and your social media guidelines.
