7 Strong Password Policies You Need to Insist On

657 Views

Your employees are putting your cybersecurity at risk. They’re not just doing so by clicking on suspicious links or downloading apps and software without consent. In fact, one of the riskiest things that they’re doing is choosing poor passwords and being reckless about it.

You see, an average employee receives a lot of emails containing company trade secrets, and they have accounts on your project management platforms. They are also leading active correspondences with other members of your team.

If one gained access to their password, they could access all this data in no time. Not only that, they could also impersonate your employees and request all sorts of corporate files and data that could cause a huge problem.

If they’re extra malicious and intend to create as much damage as possible, they could delete files, close projects, and edit files. 

Here are the top seven strong password policies you should insist on (these would hopefully keep you safe).

1. Don’t pick something obvious

The worst thing you can do is pick something obvious and easy to guess.

If someone had to guess your password, they’d start with things that are “logical.” People who know you will try your favorite actor, player, or historical figure. They might pick your favorite historical character or your favorite piece of media.

Even if they don’t know you as intimately, they might pick something meaningful. The name of your pet, your anniversary, your mother’s maiden name. These are the generic security questions, but you would be surprised at how many people actually pick these kinds of passwords.

Now, take a second and think about your own password. If someone were to follow our list of “bad” password ideas, how close would they come to your own password? If this is even in the conversation, you need to understand that you’re doing something wrong and you need to change your password-related behavior as soon as possible.

Ideally, you would pick something completely random. We’re not just saying a word that has no meaning; we’re saying something that’s not necessarily even a word. 

Sure, this is harder to memorize, but it’s also near-impossible to crack. This is how you stay safe. 

2. Make an effort

The worst bane of cybersecurity is laziness. This is what makes you avoid the idea of implementing multiple-factor authentication. After all, why type the password and a code (or follow an email link) when you can just type in the password and be done with it?

The worst part is that people are too lazy when making up passwords, which makes them take an extra lazy route of just picking something that’s easy to guess. They pick something that they’ll have an easy time memorizing, which is often something either extra personal (we’ve already covered that) or incredibly basic.

What do we mean by that? Well, a lot of people think that they’re extra witty and smart, which makes them choose something like “Password” as their password. 

Others are just bored, and they go with “1234.”

The problem with these passwords is that they’re incredibly easy to guess. They’re the first thing that an average hacker will try out, sometimes even before they boot up any kind of generator.

Sure, coming up with something unique and randomized takes a lot of effort, but it’s an effort well worth it. Picking a simple password is like not locking your home because you hate the idea of having to unlock it to enter. 

3. Use password manager

So far, we’ve mentioned the main reason for having a poor password is laziness and the fear that you’ll pick a password that you won’t be able to remember. Now, we might have been a bit too harsh. It’s not laziness; picking a good password (especially a random one) is not easy.

Moreover, another major mistake that everyone’s making is using the same password for everything. This way, they have to come up with just this one password and be done with it. The problem is that if this password gets compromised, you’re in far bigger trouble than you previously were.

Not only that, but you have to change them every now and then. According to some guidelines and rules, you’re supposed to change these passwords every 60 to 90 days. The problem is that this increases the needed effort exponentially. 

Just think about it – if you just used four platforms and used four passwords (and you’re using much, much more) and you’re changing them once every 90 days (which you could be doing even on 60 days), you’ll need 12 passwords per year. We’re talking about 12 difficult-to-crack, unique, randomized passwords that you’ll memorize. 

Fortunately, there’s a way to get around this. All you have to do is find a reliable password management tool and the storage of passwords becomes a piece of cake. 

4. Don’t rely just on the password

Having a strong password is a prerequisite to strong cybersecurity, but this is not enough, on its own, to keep you safe. You see, it’s not just the password itself that will keep you safe. You also need to have other measures in place to keep you safe.

First, you need a multiple-factor verification. Sure, they know the password, but now they need to type in the four-digit code that they’ve just received in their SMS or email. Perhaps they have to follow the link they’ve received in an email.

This makes your account much harder to jeopardize.

Another thing to take into consideration is the chance that someone might try to guess their way into your accounts. Well, the way you stop this is by setting up an account lockout after a certain number of bad attempts. 

Just make sure not to be too harsh, or you’ll lock yourself out just because you forgot to turn the caps lock off.

Ultimately, you should memorize all the devices you regularly use. This way, if someone’s attempting to log in, you’ll receive a notification.

5. Be careful what you share online

In one of the previous sections, we’ve mentioned the likelihood that someone will figure out your mother’s maiden name and log in. We’ve also mentioned that they could guess your anniversary or your pet’s name. How? Well, you’re going to tell them.

Not directly, of course; it’s not like they’ll just DM you in order to check what your pet’s name is. They’ll simply find a photo of your dog and read a caption. They’ll check a tagged photo with your maternal uncle and read their last name. They might even scroll down to the last anniversary party and just check the date.

In other words, be very careful what you share online. This is generally good advice, even if you’re not using any of these things as your password.

Learning how to make a password in 2024 is as essential as knowing how to tie your laces

So many people have watched the Discovery Channel documentaries and know exactly what to do when they find themselves face to face with a grizzly or a shark. What they don’t know is how to come up with a good password and why this is so important. They don’t know it even though they use these passwords every single day. The sooner this changes, the better.