Strong Passwords are Vital

Strong passwords are vital. However, everything about them seems so difficult.

Unfortunately, great passwords are:


  • Difficult to think up
  • Even harder to remember
  • Very irritating when you make a mistake (and have to reset them)

    Weak passwords and reusing them across multiple logins encourage people into sloppy habits. Sloppy habits are what cybercriminals exploit to get into your business's accounts and create havoc.
    Someone in your organisation is probably using a weak or reused password to access a critical system.
    If you unintentionally miss a step in your company's security protocol, it becomes much easier for a hacker to exploit a vulnerability and gain access.

    Frustrating.

    Three big tech companies—Apple, Google, and Microsoft—are collaborating to phase out the outdated password in favor of Passkeys.
    You will have to verify that you are the one using your device when trying to log in to something.
    Your phone will receive a verification message from your computer via Bluetooth, verifying that you are nearby.
    Once you have unlocked your phone in the usual way, using your face, fingerprint, or PIN, you are all set.
    Apple is launching Passkeys with the release of iOS 16. Google and Microsoft will provide similar services soon.
    But it might be a long time before Passkeys have replaced all passwords. So what can you do in the meantime to ensure your business is protected and the day-to-day work easier for your team?

    The best solution to secure your accounts is to utilise a password manager in your business. Here is a comprehensive guide on password managers and why you should use them.

    What is a password manager?


    A password manager stores and manages your accounts' login credentials for websites, applications, and any software you use for work.
    It works on computers and mobile devices.
    It will generate and remember random passwords for every app. It will autofill the login boxes for you when you log in.
    Using a password manager is straightforward. All you need to remember is your master password.

    What are the benefits of using a password manager?


    There are huge benefits on top of increasing your security and protecting your data:
    • You do not have to remember your passwords.
    • You can generate long, highly secure passwords that are very difficult to crack.
    • You will save time with autofill.
    • It is not a big deal if you use Windows for work but have an iPhone; a good password manager will sync across operating systems and browsers.
    • Having unique passwords for every account helps protect your identity, as does a password manager that scans the dark web.
    • It can alert you to risk. If you land on a fake website, your password manager will not autofill your data because it will not recognize the site as valid.
    • Most password managers will scan the dark web to check if your passwords may have leaked.
    • When using a password manager, your data is encrypted before it leaves your device, ensuring that it is unreadable.
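The fake-website protection in the list above comes from matching the address of the page against the address saved with each login. The sketch below is an added example, not code from this article or from any particular password manager; the vault entry, site names and function names are made up, and it assumes the strictest rule (exact https origin match).

```python
from urllib.parse import urlsplit

# Constructed vault for illustration: saved origin -> saved username.
VAULT = {"https://accounts.example-bank.test": "alice@example.test"}

def origin_of(url):
    """Return canonical 'https://host[:port]' for a page URL, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname          # lower-cased, userinfo and port removed
        port = parts.port              # raises ValueError on a malformed port
        if parts.scheme != "https" or not host:
            return None                # never autofill over plain http
        # Convert to the ASCII (punycode) form used for the real host name.
        host = host.encode("idna").decode("ascii")
    except (ValueError, UnicodeError):
        return None
    return f"https://{host}" if port in (None, 443) else f"https://{host}:{port}"

def autofill_candidate(page_url, vault=VAULT):
    """Username to offer on this page, or None when the site is not recognised."""
    origin = origin_of(page_url)
    return vault.get(origin) if origin else None

if __name__ == "__main__":
    # Constructed page addresses: one genuine, the rest imitations.
    for url in [
        "https://accounts.example-bank.test/login",
        "https://accounts.examp1e-bank.test/login",           # digit 1 for letter l
        "https://accounts.example-bank.test.evil.test/login", # real name as a prefix
        "https://accounts.example-bank.test@evil.test/login", # real name as userinfo
        "http://accounts.example-bank.test/login",            # unencrypted copy
    ]:
        print(f"{url!r:60} -> {autofill_candidate(url)}")
```

Only the first address gets an autofill offer. A person glancing at the address bar can miss every one of the others, which is why a missing autofill prompt on a familiar-looking login page is worth treating as a warning sign.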

    What are the risks of using a password manager?


      There are a few pitfalls to keep in mind when using a password manager:
      • Your sensitive data is all in one place, and you protect it with one master password.
      • Cybercriminals might obtain your master password, for example, if you had malware or a keyboard logger monitoring your actions on your device.
      • Using biometrics or multi-factor authentication (MFA, in which you use a separate device) is a must to verify that it is indeed you accessing the password manager.
      • Be careful when resetting your master password because it is purposely difficult to reset it.
      Choosing the right password manager can help mitigate these risks.

      Which type of password manager is best for my business?


        There are three main types of password managers available, and each comes with its own pros and cons.

        1) Browser-based

        Chrome, Edge, Firefox and Safari browsers all have a built-in password manager.
        Although free and easy to use, browser-based password managers are not a business solution we recommend.
        You must export your data or begin anew if you want to switch browsers.
        They are limited in terms of being used across multiple devices. As a business owner, you have little control over the data that your employees store. This can be a real problem if someone leaves.

        2) Cloud-based

        These password managers store everything in the cloud.
        They are more secure than browser-based alternatives thanks to their extra security features. Firstly, they back up your vault data, ensuring it is not lost if your device fails.
        The cloud-based password manager allows you to store other sensitive information, such as credit card numbers and encrypted notes. It will detect weak passwords and reused passwords and create new, more secure ones. In addition, some will check the dark web to ensure that your information hasn't been published for hackers to access.
        You can also share secure data easily with coworkers or family members, even if they don't use the same password management service as you.
        A password manager that runs in the cloud can function on any browser, operating system, or mobile device. You don't have to fret about anything; your password manager will perform automatically.
        Cloud-based password managers also save you valuable time, in that they will auto-populate credentials for the webpage you are trying to access. Therefore, you are not floundering around looking for login credentials.

        3) Desktop-based

        Desktop-based password managers can be the safest type, but the security level depends on how much you and your colleagues care. If something is the safest choice, it does not necessarily make it the best choice for your company.
        These save data on one of your devices.
        And that device does not need to be connected to the internet. That is beneficial because it makes the system less susceptible to hacking.
        A biometric login makes it harder for keyboard logger attacks to be successful. Keyboard logger attacks are when malicious software records everything a person types.
        The downside to desktop-based password managers is that you have to remember to regularly back up your data and vault. If your device breaks and can't be fixed, or is stolen, and you don't have a backup, your safe vault is no more.
        Another issue is that you cannot access your passwords from other devices, and sharing amongst other users in your business can become difficult too.

        Are password managers safe?

        Yes!

        No lie, password managers have a pretty solid track record.
        You can reduce the risk of credential theft by using a password manager to generate and store strong passwords, never reusing passwords, and enabling two-factor authentication.
        You're better off with premium services with other features like security and safe sharing, which businesses need.

        Password best practice

        If you're not worried about using best practices for passwords, there's no point in using a password manager. If you're not already taking care of this, be sure you and your team are doing everything necessary to keep your business and data safe.
        Most importantly, everyone in your business needs to do regular cyber security training. That includes you.
        All your employees must be wary of the latest risks to your business and its data.
        Furthermore, this will also help them maintain safety on a personal level. Your employees are the first line of defense against cyber-attacks, and they must be equipped with the necessary tools and information to help protect the business. Even if you have excellent security tools, you will never be as safe as you could be if your employees are not following best practices.
        Next, ensure that everyone on your team uses a password manager supplied by the business (and never their own). It will give you significant control over what happens to your data when they leave. It is essential if your team members work remotely or take company devices home.
        Under no circumstances should you ever reuse passwords, even if you have a password manager. Your passwords should always be long and complex. Most password managers can generate them randomly, which provides you with the best security. The more complicated and nonsense-like each password is, the better (since you won't have to remember them with a password manager, this makes life much easier).
        The exception to this is your master password. You will need to remember this one, and it should also be strong and hard to guess. For this, we recommend a passphrase. That's where you take a string of random words that you can easily visualize. For example, 'neonblueballetshoe'. You could also try a sentence where the first letter of each word becomes your password. For example: 'I wish I could eat cake for breakfast five (5) days a week' becomes 'IwIcecfb5daw'.
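Both master-password approaches described above, as an added example that is not part of the original article: a passphrase built from randomly chosen words, with the arithmetic for how strong it is, and the first-letter-of-each-word method. The 16-word list is constructed for the demo and far too small for real use; the function names are made up.

```python
import math
import re
import secrets

# Constructed demo list. A real generator would load a published list of
# several thousand words, so that each word adds far more entropy.
DEMO_WORDS = ["neon", "blue", "ballet", "shoe", "cake", "river", "lamp", "tiger",
              "cloud", "piano", "maple", "rocket", "anchor", "velvet", "copper", "window"]

def random_passphrase(n_words, words=DEMO_WORDS):
    """Join words picked by the OS random source (secrets), not by a person."""
    if n_words < 1 or len(set(words)) != len(words):
        raise ValueError("need n_words >= 1 and a word list without duplicates")
    return "".join(secrets.choice(words) for _ in range(n_words))

def passphrase_bits(n_words, list_size):
    """Entropy in bits when each word is drawn uniformly and independently."""
    return n_words * math.log2(list_size)

def words_needed(target_bits, list_size):
    """Smallest number of random words that reaches the target strength."""
    return math.ceil(target_bits / math.log2(list_size))

def sentence_acronym(sentence):
    """First character of each word; a number in brackets replaces the word before it."""
    out = []
    for token in sentence.split():
        number = re.fullmatch(r"\((\d+)\)", token)
        if number and out:
            out[-1] = number.group(1)      # "five (5)" becomes "5"
        elif token[0].isalnum():
            out.append(token[0])
    return "".join(out)

if __name__ == "__main__":
    print(random_passphrase(4))
    print(f"4 words from {len(DEMO_WORDS)}: {passphrase_bits(4, len(DEMO_WORDS)):.1f} bits")
    # 7776 is the size of a five-dice word list, used here as an assumption.
    print(f"4 words from 7776: {passphrase_bits(4, 7776):.1f} bits")
    print("words for 64 bits:", words_needed(64, 7776))
    print(sentence_acronym("I wish I could eat cake for breakfast five (5) days a week"))
```

The strength figure only holds when the words are picked by the generator; words a person chooses because they go together are much easier to guess.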
        Multi-factor authentication or biometrics enable extra security by making it extremely difficult for someone to log in to your device without you.
        We would also recommend against using free password managers if possible. While they might be acceptable for personal use (even then, their use is debatable), it is not sufficient when protecting sensitive business data. Many lack essential features such as cross-device and cross-browser syncing, multi-factor authentication, and end-to-end encryption.
        Create a business-wide password and cyber security policy that all your employees are aware of and adhere to.
        The policy should include never reusing passwords, using the security tools provided, and never sharing passwords with others.
        Doing so will help ensure that your devices and vital data remain secure.
        That will help stop employees from taking shortcuts with security and putting data at risk, which unfortunately happens from time to time.
        Would you like to know which one we recommend and use ourselves? Just get in touch, and we will tell you.


        Last Updated: 21/03/2023
        Author: Dennis Jones | CT Business Solutions



    © 2023 CT Business Solutions Limited. All Rights Reserved