When it comes to the security of the systems and the data in your business, you likely have a good security system in place and your systems are largely secure. That being said, there is one common weak link that all businesses share – the password. If a hacker can crack a password, they will often have full access to your systems. In an effort to try and control this, many companies have password policies. But, are they really effective?
If you are in the process of implementing a password policy, or are looking for a way to ensure that your business is as secure as possible, you need to be aware of at least four common password policy pitfalls.
One of the most common elements of a password policy is the requirement that passwords be complex. Many policies require that the password contain at least one number, a special character like ‘!’ or ‘&’, and possibly a capital letter.
While this may seem to make passwords more complex, many users simply take a plain word, swap a letter for a look-alike character, or tack the required character onto the end. This doesn’t really make the password complex; it just makes it slightly more difficult to guess.
Because so many systems have these requirements in place, hackers now build these substitutions and appended characters into their password crackers. This means they are still able to guess many passwords relatively quickly.
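To make the gap between “passes the complexity rule” and “actually hard to guess” concrete, here is an added example (not code from the original post) in Python. It applies a typical complexity rule, then undoes the substitutions and appended characters users commonly rely on and checks the result against a tiny constructed wordlist standing in for a real dictionary or breached-password list. The wordlist, the substitution table and the function names are all assumptions for illustration.

```python
import re

# Constructed stand-in for a real dictionary / breached-password list.
COMMON_WORDS = {"password", "welcome", "summer", "company", "letmein"}

# A small subset of the look-alike swaps users make to satisfy "must contain a digit/symbol".
SUBSTITUTIONS = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})


def meets_naive_policy(password: str) -> bool:
    """The rule many policies enforce: 8+ chars, a digit, a symbol and a capital letter."""
    return (
        len(password) >= 8
        and re.search(r"\d", password) is not None
        and re.search(r"[^A-Za-z0-9]", password) is not None
        and re.search(r"[A-Z]", password) is not None
    )


def normalize(password: str) -> str:
    """Reverse the usual tricks: lower-case, strip digits/symbols tacked on at
    either end, then undo look-alike substitutions inside the word."""
    base = password.lower()
    base = re.sub(r"[^a-z]+$", "", base)   # drop "1!", "2024", "!!" at the end
    base = re.sub(r"^[^a-z]+", "", base)   # and at the start
    return base.translate(SUBSTITUTIONS)


def is_weak_despite_policy(password: str, words=COMMON_WORDS) -> bool:
    """True when the password reduces to a dictionary word once the
    policy-driven decoration is removed, i.e. a cracker will try it early."""
    return normalize(password) in words


if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "Summ3r2024!", "correct-horse-battery"):
        print(pw, "policy:", meets_naive_policy(pw), "weak:", is_weak_despite_policy(pw))
```

The point of the second check is that it is the reverse of what a cracking tool does: rules that mandate a digit or symbol shape how users decorate a word, so a checker that only counts character classes will accept exactly the passwords those tools try first.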
A common way hackers get into systems is through a method called brute force. This is essentially entering different passwords and variations until the correct one is found. While this method can take a while, if your password system doesn’t have a lock-out rule – whereby the account becomes locked after a set number of failed attempts – you will eventually see a security breach.
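Here is an added example (not code from the original post) of the lock-out rule described above, in Python: a small guard that counts failed sign-in attempts per account and refuses further attempts for a set window once the threshold is reached. The class name, the thresholds and the injectable clock are assumptions chosen for illustration; in a real system the counters would live in shared storage rather than in memory.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict
import time


@dataclass
class LoginGuard:
    """Per-account failed-attempt counter with a temporary lock-out window."""
    max_failures: int = 5            # failed attempts allowed before locking
    lockout_seconds: int = 900       # how long the account stays locked
    clock: Callable[[], float] = time.monotonic   # injectable for testing
    _failures: Dict[str, int] = field(default_factory=dict)
    _locked_until: Dict[str, float] = field(default_factory=dict)

    def is_locked(self, user: str) -> bool:
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:
            # Lock-out window has expired: clear the lock and the counter.
            del self._locked_until[user]
            self._failures.pop(user, None)
            return False
        return True

    def attempt(self, user: str, password_ok: bool) -> str:
        """Returns 'ok', 'denied' or 'locked'. The lock is checked before the
        credential result is used, so a locked account gives the same answer
        whether or not the password was right."""
        if self.is_locked(user):
            return "locked"
        if password_ok:
            self._failures.pop(user, None)
            return "ok"
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= self.max_failures:
            self._locked_until[user] = self.clock() + self.lockout_seconds
            return "locked"
        return "denied"


if __name__ == "__main__":
    guard = LoginGuard(max_failures=3, lockout_seconds=60)
    for ok in (False, False, False, True):
        print(guard.attempt("alice", ok))
```

Two things worth noting when deploying a rule like this: the lock-out must be enforced before the credential check so that the response does not leak whether the password was correct, and a lock-out window that is too aggressive lets anyone lock a colleague out of their account by deliberately failing sign-in, so a temporary window with alerting is usually preferable to a permanent lock.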
In order to keep systems secure, many companies force their users to change their passwords on a regular basis – usually every 90 days. While this is a good idea, some take it a bit too far, for example forcing employees to change passwords every two weeks.
This may seem like a good idea, but all it does is encourage users to pick easy-to-remember passwords. And any password that is easy to remember is likely easy to guess too.
Because the number of password-protected systems we use is increasing, many business users are struggling to remember all of the passwords they use. When this happens, the easiest solution is to write them down.
When making a note of passwords, most people don’t take any steps to hide them, often leaving a sticky note attached to their monitor or written in a notebook casually left open on their desk. Needless to say, this is a real security issue.
Here are four actions you can take to ensure not only stronger passwords, but a policy that is effective.
If you are looking for help with your password policy, or with the security of your business and systems, please contact us today.