<img height="1" width="1" src="https://www.facebook.com/tr?id=156746741685952&amp;ev=PageView &amp;noscript=1">
Show all

Foresight 2020: Implement passphrases and a strong password management process

Passwords are the first defense to protecting private information. It is important to implement strong passwords to make it difficult for outsiders to breach that wall and gain access to sensitive information. Having a weak password leaves not only the user at risk, but when dealing with a company managing any private data, the company is susceptible to hacking which can cost thousands of dollars or even millions of dollars. Over 83% of Americans have weak passwords and 53% of Americans use the same passwords for multiple accounts.  

Here we discuss the common mistakes used when creating a password and provide some tips on creating a strong password.

Most Common Mistakes in Passwords 

Many people include personal information that can be easily found on social media as passwords. In 2019, the UK’s National Cyber Security Center revealed that the top 3 most hacked passwords were “123456”, “123456789”, and “qwerty.” 

Below is a list of common mistakes used in weak passwords:

  • 16% of Americans use their name or a family members name 
  • 15% use a pet’s name 
  • 11% of people use their birthday 
  • 8% use words related to a hobby of theirs 
  • 5% use part of their address 
  • 4% of Americans use the name of their favorite book or movie 
  • 3% use celebrity names 
  • 3% use the name of the website the password is for 

How to Tighten up Security Through Password Management

  1. Follow a password policy. More complex passwords should be used especially by privileged users and executives. Frequent password changes and the use of passphrases should be implemented. This will make it hard for hackers to sell password and username lists to other people who wish to breach your data. 
  2. Use passphrases instead of passwords. Unlike a password which is only one word, a passphrase is a string of words used to gain access to a system. It is commonly known to be much harder to guess and with password cracking algorithms being less effective after 10 characters, passphrases tend to be more secure. Passphrases can contain complex rules, they are sensitive to punctuation, symbols, numbers and capitalization. Major operating systems such as MAC OS, Windows, and Linux allow passphrases to be up to 127 characters long. Passphrases really do give a user the ability to make their password very difficult to break. 
  3. Implement your password policies into your systems. To help users remember passwords, a secure, encrypted password manager designed for business may be used. The system administrator should implement rules requiring passwords to be changed every 90 days and passphrases every 180 days. Password managers are also great to keep track of passwords to ensure they are not reused.  Here are some more additional steps that can be taken to improve password security: 
    1. Configure the minimum character length for passwords to be 10, and 15 for passphrases.
    2. Enable complexity requirements for both passwords and passphrases.
    3. Reset admin passwords every 180 days.
    4. Use strong admin passphrases for all domain admin accounts. 

Download the Free IT Managers' NIST-Based Checklist for Telework and Remote  Access Security

The Takeaway

Hackers have found many methods to breach your data. You should take the utmost precaution to enhance your security.  In another blog post, we talked about the advantages of using single sign-on to help consolidate password management for your organization. Implementing a strong password management process is one of the first steps you can take to practice good cybersecurity. Take the extra time to set up complex passwords and passphrases and implement a strong password policy on your systems.  These steps are also aligned with the National Institute of Standards and Technology (NIST) SP 800-63-3 guidelines for passwords.


Amanda Spence
Amanda Spence

Amanda Spence is a student at Florida State University majoring in finance, with the intention of going to law school. During the summer of 2020, Amanda was an intern in the marketing department at 24By7Security.

Related posts

May, 21 2024
May, 14 2024
May, 7 2024

Comments are closed.

Just how much are you losing? Costs of a Cybersecurity breach
Microsegmentation - Protect your internal network
Subscribe to our Blog!