Strong password policies have come a long way. When I created my very first online account many, many years ago, my password was the word “cool” (don’t judge me, ok? I was very young at the time).
That password has long since been changed to something much more secure, but passwords remain part of everyday life as more and more of the services we rely upon are managed online through websites or mobile applications.
Users today are inundated with passwords they must remember. Think about it. Website logins, email accounts, social media accounts, banking accounts, smartphone passcodes, ATM PINs, and home security system alarm codes all require some type of password.
Creating a strong password policy is key to helping users safeguard the critical systems they rely on every day. While additional complexity can seem like an inconvenience to many users, it shouldn’t prevent a strong password policy from being implemented in your organization.
Consider these 3 quick facts supporting a strong password policy requirement:
We’ve seen an escalation of security breaches. Even major brands have had systems compromised, exposing user passwords. While administrators respond quickly and notify users by forcing password changes, their efforts are limited to their own site.
Changing a password with one site is not always enough. Chances are that compromised passwords are used elsewhere, leaving users vulnerable to hackers.
The most commonly used password is…123456.
And it’s closely followed by just as insecure passwords like “password”, “welcome”, and “12345”.
Think one extra letter or number doesn’t mean much? Consider this:
A strong password policy doesn’t need to be the only line of defense to your systems and network. Adding multi-factor authentication creates multiple layers of security to protect users and resources.
At DigiCert, we strongly recommend that users enable multi-factor authentication in order to secure their certificate management account. Users can include IP address restriction, client certificates, and one-time passwords as their layers of defense.
Correctly implemented, these additional access requirements act as an extra layer of security, protecting accounts even when hackers have obtained a user’s password.
Good passwords are critical to information security. A lack of thought in creating password policies increases the chances of unauthorized access or compromised data. The SANS Institute recommends that a strong password policy include the following characteristics:
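To make the two points above concrete (that one extra character multiplies an attacker’s search space, and that a policy should reject the most common passwords outright), here is an added example of a small policy checker. It is illustration code written for this page, not DigiCert’s or SANS’s own implementation; the minimum length, the number of required character classes, and the guess rate used for the time estimate are assumed values, and the denylist contains only the four passwords the article names.

```python
import math

# Denylist of common passwords. The four entries are the ones the article
# names; a real deployment would load a much larger breach-derived list (assumed).
COMMON_PASSWORDS = {"123456", "password", "welcome", "12345"}

# Policy thresholds are assumptions for illustration, not SANS or DigiCert values.
MIN_LENGTH = 12
REQUIRED_CLASSES = 3  # out of: lowercase, uppercase, digit, symbol


def character_classes(password: str) -> set[str]:
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def check_policy(password: str) -> list[str]:
    """Return a list of policy violations; an empty list means the password passes."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if len(character_classes(password)) < REQUIRED_CLASSES:
        violations.append(f"fewer than {REQUIRED_CLASSES} character classes")
    # Compare case-insensitively so "Password" is caught by the "password" entry.
    if password.lower() in COMMON_PASSWORDS:
        violations.append("appears in the common-password denylist")
    return violations


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Bits of brute-force search space for an attacker who knows the alphabet."""
    return length * math.log2(alphabet_size)


def crack_time_seconds(length: int, alphabet_size: int,
                       guesses_per_second: float = 1e10) -> float:
    """Worst-case seconds to exhaust the keyspace at an assumed guess rate."""
    return alphabet_size ** length / guesses_per_second


if __name__ == "__main__":
    # Constructed sample passwords, including the article's most common one.
    for pw in ["123456", "Password", "Correct-Horse-Battery-9"]:
        result = check_policy(pw) or ["passes policy"]
        print(f"{pw!r}: {', '.join(result)}")

    # Each additional character multiplies the search space by the alphabet size.
    print("\nlength  digits-only bits  lowercase bits  mixed(94) bits")
    for n in range(6, 13):
        print(f"{n:>6}  {keyspace_bits(n, 10):>16.1f}  "
              f"{keyspace_bits(n, 26):>14.1f}  {keyspace_bits(n, 94):>14.1f}")
```

The time estimate is only a worst-case bound for an attacker guessing blindly; a denylist matters because real attackers try the common passwords first, so a six-digit PIN that happens to be “123456” falls on the first guess regardless of its keyspace.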
The full negative effect of a compromised account can sometimes take months or years to be felt. Given the nature of the information we deal with online each day, there’s no room to be relaxed about our approach to account security. Keeping users, systems, and resources secure today requires a combined effort: strong password policies together with staying on top of the latest information security best practices.