
How to Create a Secure Password Policy?

Feb 22, 2022 | BLOG

Having an effective password policy is critical to the cybersecurity of companies, since easy-to-guess passwords make it easier for malicious actors to carry out attacks. For the same reason, reusing passwords is a risky practice.

In 2021, more than 8.4 billion passwords from people all over the world were leaked and posted in an online forum under the name ‘RockYou2021’. What did they have in common? They were between 6 and 20 characters long, without spaces, numbers, or symbols.

Other characteristics of easy-to-guess passwords include birthdays and patterns of repeated digits. Proper names, numeric combinations, and the word Brazil are also often found in the leaked passwords of Brazilian users, in addition to the sequence 123456.

We have prepared this article to help you keep your company protected. In it, we propose positive actions for an effective password policy. They are as follows:

  • Change Passwords Frequently
  • Use Software that Alerts You About the Change
  • Join an Account Lockout System
  • Train Your Employees
  • Do Not Use the Same Password for All Accounts
  • Create Strong Passwords
  • Have a Password Manager
  • Adopt Multifactor Authentication in Your Company’s Routine

Read it until the end!


Why Should You Adopt a Secure Password Policy?

We know that hackers take advantage of weak corporate passwords in most cyber-intrusions.

Therefore, regardless of the size or industry of an organization, it is essential to have a secure password policy. Adopting one avoids intrusions that cause inconvenience and financial losses, and it prevents the company’s credibility from being called into question.

In practice, the password policy establishes rules to be followed by the entire team, ensuring the adoption of security requirements when creating passwords for accessing corporate devices and systems.

In the next section, we cover some criteria you should adopt when establishing a password policy for your business.

Positive Actions for an Effective Password Policy

You now understand the importance of creating a secure password policy for your company. Now, let’s show you how this can be done. Keep reading our text!

  • Change Passwords Frequently

Using the same password across different applications and services is believed to make access easier for malicious users; when we reduce the number of accounts that share a password, we also reduce the chances of that password being exposed and available to third parties.

However, the usefulness of this measure has been questioned. Microsoft itself stopped asking for periodic password changes, considering this method useless. According to this report in Isto É Dinheiro, Aaron Margosis, a cybersecurity consultant at Microsoft, stated that a password needs to be changed only if it is stolen.

Despite this debate, periodic password changes are still recommended, which is why the next topic covers software that issues alerts when it is time to change them.

  • Use Software that Alerts You About the Change

There is specific software that warns about the need to change passwords. It works as follows: when you try to access the computer after a certain period, a pop-up warns you that you must change your password to proceed. If you don’t, you will not be able to access the system.

This software is very useful because, over time, it is very common for people to get comfortable and fail to change their passwords within the required period.

  • Join an Account Lockout System

Account lockout is a very important practice that blocks access after a certain number of failed attempts. This feature prevents an attacker from trying one password after another against an account until one of them works. This practice is known as brute force and is often used by malicious attackers to gain unauthorized access to systems.

To get a sense of how important this feature is, it is widely used by e-mail services and many websites.
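The lockout mechanism described above, as an added example that is not code from the original post. The threshold of five consecutive failures, the 15-minute lock, the `LockoutPolicy` class and the attempt sequence are all assumptions constructed for the illustration.

```python
# Added example, not code from the original post: an account lockout
# policy of the kind described above. The threshold (5 failures) and
# lock duration (15 minutes) are assumed values, not taken from the post.
from dataclasses import dataclass

@dataclass
class AccountState:
    failures: int = 0          # consecutive failed attempts since last success
    locked_until: float = 0.0  # unix time; 0.0 means not locked

class LockoutPolicy:
    def __init__(self, max_failures: int = 5, lockout_seconds: int = 900):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._accounts: dict[str, AccountState] = {}

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        """Evaluate one login attempt and return 'ok', 'denied' or 'locked'."""
        st = self._accounts.setdefault(user, AccountState())
        if now < st.locked_until:
            return "locked"        # even a correct password is rejected while locked
        if password_ok:
            st.failures = 0        # a success resets the counter
            return "ok"
        st.failures += 1
        if st.failures >= self.max_failures:
            st.locked_until = now + self.lockout_seconds
            st.failures = 0
            return "locked"        # this attempt triggered the lock
        return "denied"

# Constructed attempt sequence: (seconds since start, user, password correct?)
ATTEMPTS = [
    (0, "alice", False), (1, "alice", False), (2, "alice", False),
    (3, "alice", False), (4, "alice", False),   # fifth failure: lock for 900 s
    (5, "alice", True),                         # right password, still locked
    (905, "alice", True),                       # lock expired: succeeds
    (10, "bob", True),                          # other accounts are unaffected
]

def replay(attempts=ATTEMPTS, policy=None):
    """Run the attempts through a policy and return the outcome of each one."""
    policy = policy or LockoutPolicy()
    return [policy.attempt(user, ok, t) for t, user, ok in attempts]

if __name__ == "__main__":
    for (t, user, ok), outcome in zip(ATTEMPTS, replay()):
        print(f"t={t:4d}s {user:6s} password_ok={ok!s:5s} -> {outcome}")
```

Because a lock rejects even the correct password, anyone who knows a username can keep its owner locked out, so production policies usually pair a short lock with rate limiting and alerting rather than a long or permanent block.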

  • Train Your Employees

If you run an organization, you should know that in addition to investing in technology to ensure information security, you need to raise awareness and train your employees so that they can identify and avoid threats.

Many people are unaware of the risks involved in accessing corporate systems. In these cases, it is necessary to introduce good practices and enforce them to prevent cyberattacks, including password theft.

It is also important that this training is ongoing, since technology advances every day, as do the techniques used by malicious agents.

  • Do Not Use the Same Password for All Accounts

If someone manages to steal your password from social media, for example, it is very likely they will test it on your other services, causing much more damage if you use the same password to connect to different online platforms.

Therefore, when establishing a password policy, remember to recommend that your employees have a different password for each online environment they access.

  • Create Strong Passwords

It is not enough to use passwords to access systems; it is also necessary to adopt strategies that raise the security level of the passwords in use. After all, hackers often study their targets and attempt intrusions by testing obvious guesses such as birthdates, relatives’ names, and short words.

In these cases, we recommend requiring a minimum length and combining uppercase and lowercase letters, numbers, and symbols.
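A checker for the strength rules recommended above, together with the weak-password traits the post lists earlier (repeated digits, 123456-style sequences, birthdates, leaked passwords), as an added example that is not code from the original post. The 12-character minimum and the tiny denylist are assumptions standing in for a real policy and a real leaked-password list.

```python
# Added example, not code from the original post: a checker for the
# strength rules recommended above. The 12-character minimum and the
# small denylist are assumptions standing in for a real policy and a
# real leaked-password list.
import re

MIN_LENGTH = 12
COMMON_PASSWORDS = {"123456", "password", "brasil123", "qwerty"}  # constructed

def has_digit_sequence(pw: str, run: int = 4) -> bool:
    """True if `pw` contains an ascending or descending digit run (1234, 9876)."""
    for group in re.findall(r"\d+", pw):
        for i in range(len(group) - run + 1):
            chunk = [int(c) for c in group[i:i + run]]
            steps = {b - a for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False

def check_password(pw: str) -> list[str]:
    """Return the rules `pw` violates; an empty list means it is accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if any(re.search(c, pw) is None for c in classes):
        problems.append("needs lowercase, uppercase, digits and symbols")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in the leaked-password list")
    if re.search(r"(.)\1{2,}", pw):
        problems.append("contains a run of three or more repeated characters")
    if has_digit_sequence(pw):
        problems.append("contains a sequential digit run such as 1234")
    if re.search(r"\d{2}/?\d{2}/?(19|20)\d{2}", pw):   # DDMMYYYY or DD/MM/YYYY
        problems.append("looks like it contains a date")
    return problems

if __name__ == "__main__":
    for candidate in ["123456", "Brasil12/05/1990!", "Tr0ub4dor&3-Horse"]:
        print(repr(candidate), check_password(candidate) or "accepted")
```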

  • Have a Password Management Solution

If you follow the fifth and sixth tips in this article, your employees will have to remember a lot of complex passwords, which can be quite difficult. That’s where a password management solution comes into play.

This feature stores passwords, making life easier for users, who only need to remember the password used to access the manager itself. What’s more, password managers also suggest passwords that are unlikely to be guessed.

Of course, like any other application, they can be breached. Therefore, it is essential to use an extremely strong master password.

  • Adopt Multifactor Authentication in Your Company’s Routine

One of the ways to create a secure password policy is to adopt multifactor authentication (MFA). This solution brings together different mechanisms to prevent intrusions, which are:

  • Knowledge Factor: something the user knows, such as a password;
  • Ownership Factor: something the user owns, such as a token; and
  • Inherence Factor: something that relates to who they are, as in the case of biometrics.

But remember an important detail: in multifactor authentication, the mechanisms must be independent of each other to guarantee the protection of a system. This means that if one factor grants access to the other, your organization is not protected.

By reading this article, you learned what you should do to create an effective password policy for your organization. Did you like our text? Share it with someone else who is interested in the topic.
