Strong password management is a critical aspect of keeping your network secure. Poor management of passwords is one of the most common ways that cybercriminals gain access to a network. The Verizon Data Breach Information Report 2022 found that over 80% of Basic Web Application Attacks (BWAA) use stolen credentials.
A strong password is impossible to guess. To accomplish this, you must use a mixture of lowercase and capital letters, numbers, and symbols. The longer your password, the stronger it is. Each character you add increases the potential combinations exponentially. It is advisable to use at least twelve characters.
Passwords should be all random characters. They should not contain any intuitive or memorable patterns like 4567 or abcd. Many people use strings of words to create passwords they can remember, but this is still much easier to guess than random characters and is not considered best practice.
Another common mistake is to use the same password across every account. The problem is that you can have the strongest password in the world and still be vulnerable to social engineering attacks like phishing, pretexting, and baiting. It is therefore crucial to use different passwords for every account so that a breach of one doesn’t turn into a breach of all of them.
Finally, the strength of your passwords decreases over time, which is to say that you should change all of your passwords frequently (at least every three months) and never use the same password twice.
Most of us are doing well if we can memorize one long string of random characters, never mind a unique one for every account every three months. Password managers solve this problem by storing all of your passwords in one place and securing them with a master password so that you only need to remember one.
Even coming up with all of those random strings can be difficult, so the best password managers have password generators built in. Apps like Bitwarden and LastPass automatically create strong, unique passwords and place them in encrypted storage that can be synced across all of your devices. They make password management best practices a cinch for even the most forgetful among us.
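The sketch below is an added example, not code from Bitwarden, LastPass, or RAVENii. It shows one way a generator can apply the rules above: all four character classes, at least twelve characters, and no runs like 4567 or abcd. It also shows how the search space grows with each added character. The function names and the four-character run check are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes the article asks for: lowercase, capitals, numbers, symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 12  # the article's recommended minimum


def has_sequence(password, run=4):
    """True if `run` consecutive characters ascend or descend by one code
    point, e.g. '4567', 'abcd' or 'dcba' (hypothetical pattern check)."""
    for i in range(len(password) - run + 1):
        steps = {ord(password[j + 1]) - ord(password[j])
                 for j in range(i, i + run - 1)}
        if steps == {1} or steps == {-1}:
            return True
    return False


def meets_policy(password):
    """Check length, presence of all four classes, and absence of runs."""
    return (len(password) >= MIN_LENGTH
            and all(any(c in cls for c in password) for cls in CLASSES)
            and not has_sequence(password))


def generate_password(length=16):
    """Draw characters from the OS CSPRNG until the policy is satisfied."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate):
            return candidate


def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """log2 of the number of possible strings (an upper bound): each added
    character adds a fixed number of bits, so combinations grow exponentially."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for n in (8, 12, 16):
        print(n, "chars ->", round(search_space_bits(n), 1), "bits")
    print(generate_password())
```

The `secrets` module draws from the operating system's cryptographic random source; Python's `random` module is not suitable for generating passwords.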
RAVENii can help you secure your employees’ credentials and your networks with our advisory program and managed security services like Multi-Factor Authentication and Security Awareness & Phishing Testing.
As we mentioned, even the strongest credentials can become compromised, which is why it’s important to enable multi-factor authentication. It may feel like a pain to have to verify your identity via phone, SMS, or email, but it is the best way to keep your networks secure. RAVENii will install this feature on your network and train your employees to use it.
RAVENii’s Managed Security Training & Phishing Testing program is designed to help your business mitigate the number of security breaches caused by human error. Our team will create effective security training and phishing testing campaigns for your employees on the risks they should avoid and the steps they should take if they encounter a nefarious situation.
For more information about password management or any other network security concerns, click here or call (844) 317-0944.