Keeping passwords safe: A guide for businesses

Business Tech

The scope of cybersecurity extends beyond compliance. It is important to take all possible and necessary steps that can prevent a security breach, which can have devastating consequences for any business. A breach can mean damage to repute and market standing, beyond the obvious compliance mess and financial losses. Among other things, password protection is an aspect that businesses need to take on priority, and in this post, we are sharing all that takes to keep passwords safe.

Change default details

Products, especially software and firmware, often come with default usernames and passwords, which are super easy to guess. If not changed, a hacker can use a default backdoor password and have control of a networked device remotely. Once products have been deployed, it should be a priority to change both default usernames and passwords. Any device that’s connected to a network, including IP cameras and video surveillance devices, can be hacked otherwise. 

Focus on strong passwords

Even a few years back, an 8-character password would be considered enough. Not anymore. This is the time to create strong passwords, especially passphrases. Employees must be encouraged to create passwords that have at least 16 characters, with special characters, uppercase & lowercase letters, and numbers. The length of a password and its complexity are key aspects. 

Don’t miss the basics

There are a few ground rules that must be followed for password protection, such as – 

  1. Passwords shouldn’t be repeated for different accounts and resources
  2. Old passwords shouldn’t be reused. 
  3. There shouldn’t be any personal information or business details in passwords. 
  4. All passwords should be random. 
  5. Passwords must be changed from time to time. 

Ask your employees to follow the above, and password protection shouldn’t be a tough job. 

Try multifactor authentication

Also called MFA, multifactor authentication basically adds a second or third layer of security, beyond a strong password. For instance, after a password is entered, the user may be prompted to answer a security question, followed by onetime password sent to their mobile. Even if a hacker manages to access passwords, they cannot authenticate anyway, which can prevent serious breaches. MFA is something that businesses should consider for customers and vendors too, and not just employees. Also, to avoid brute force attacks, it is wise to consider the lockout feature. The feature basically locks an account for a day or two, if the user uses wrong passwords for more than three or more times. 

Get the organization together when it comes to password security.