Password management can often be overlooked. As a managed service provider, our Clients are used to hearing us advise them on password security. Passwords are something we use every day and should be at the forefront of any security plan.
Passwords are the first line of defense against malicious activities in the digital space. The trouble usually lies with the end user who doesn’t take care of their passwords or doesn’t make them difficult enough. As a managed services provider, it is imperative to ensure that our clients are employing some simple, yet highly effective tactics to keep the bad guys out of their information and IT systems.
Before we look at the techniques to prevent hackers from gaining access to private information, let’s take a quick look at the most common means these people use to crack the password code and get the proverbial “keys to the kingdom.”
- Guessing – Some people think that no one could ever “guess” their password at random, but hackers are much more sophisticated than that. This technique is not simply sitting in front of a screen and typing many different combinations. First, the hacker finds personal information online and then uses sophisticated programs to help ‘guess’ how that personal identification can be turned into a password.
- Dictionary-based attacks – Programs run names and other information against every word in the dictionary.
- Brute force attacks – Just like it sounds. By simply running all combinations of keystrokes with a user name, passwords are discovered all the time.
- Phishing – Beware of Phishing schemes! These scams try to lure you in with fake offers then track your keystrokes in order to steal private information. If the email or IM request looks odd, ignore it and please don’t click on anything. The trouble is that people are oftentimes tricked into giving away valuable data without even knowing. See our recent blog on What exactly are phishing emails?
- Shoulder surfing – Not all hackers are technical whizzes. Shoulder surfers try to catch you entering a password in a public place like a coffee shop or even at a petrol station (debit card PINs are vulnerable).
Password Security Tips
As an MSP, we try to educate our Clients on strong password practices. There is simply no way to guarantee a bulletproof password. If someone wants something badly enough and is smart enough, they can figure out what they need to do to get it. Most are not that patient, though, so any deterrents are usually enough to make them give up and find an easier target.
Some best practices to be teaching your employees include:
- Make sure password length is at least 8 characters
- Don’t use real words
- Use both upper and lower case characters
- Include numbers and special symbols when allowed
- Don’t use personal data
- Make patterns random and not sequential or ‘ordered’
Don’t get lazy when it comes to your passwords. Take the extra time to think of something creative, complex and something only you would remember.
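The rules listed above can be checked automatically whenever a password is set or changed. The following Python is an added example, not code from the original article; the function names, the constructed sample wordlist and the four-character threshold for an "ordered" run are assumptions.

```python
import string

# Constructed sample wordlist (assumption); a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "summer", "office"}
# Sequences treated as "ordered": alphabet, digits and keyboard rows.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl;", "zxcvbnm"]


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive characters of a known sequence,
    forwards or backwards, or one character repeated `run` times."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if len(set(chunk)) == 1:
            return True
        for seq in SEQUENCES:
            if chunk in seq or chunk in seq[::-1]:
                return True
    return False


def check_password(pw, personal_data=(), words=SAMPLE_WORDS):
    """Return the names of the article's rules that pw fails (empty list = pass)."""
    low = pw.lower()
    failures = []
    if len(pw) < 8:
        failures.append("length")
    if any(w in low for w in words if len(w) >= 4):
        failures.append("real_word")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        failures.append("mixed_case")
    if not (any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw)):
        failures.append("digits_and_symbols")
    # personal_data: names, birth years, etc. known for this user
    if any(p.lower() in low for p in personal_data if len(p) >= 3):
        failures.append("personal_data")
    if has_sequence(pw):
        failures.append("sequential")
    return failures
```

Passing the user's name, birth year and similar details as `personal_data` lets the same check reject passwords built from information an attacker could find online.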
What else can be done? Here are some “do’s” and “don’ts” for password safety.
- Create different passwords for different accounts and applications. If you create only one password for everything you do online, you are exposing yourself unnecessarily. Sure it’s easier to use one but it provides more chances for someone to figure your password out, and if they do, gives them a great starting point for accessing other personal data of yours.
- Keep corporate and personal passwords separate.
- Change your passwords often (ideally every month) or ask your MSP to enforce a password policy throughout your business.
- Always log off your computer or lock it when you leave it for any period of time.
Now Some Don’ts:
- Don’t write passwords down or store them in the office.
- Don’t store passwords on any device.
- Don’t give passwords in emails or IMs.
- Don’t give your manager your password.
- Don’t discuss passwords with others.
- Don’t use the “remember password” function in applications.
- Don’t use the “it’s easy to type” rule (like asdfjkl;), since that makes it easier for a lurker to see what you typed.
After reading this, I’m sure you feel like you have some work to do. It’s never too early to start utilising these recommended practices, and you may not even know what data may currently be exposed or at risk. Changing your passwords and using the above techniques can help protect you and your clients from malicious web attacks. Don’t overlook the importance of password management – it could make all the difference when a hacker sets his sights on you or your clients.
To find out how we help our Clients stay safe, or for advice on multi-layer security (it takes more than just strong passwords!), please read more here.