Today is World Password Day, a day for organizations to remind their employees of the importance of using strong passwords and practicing good password hygiene to protect personal and work accounts. Given the large number of accounts that employees manage—and the risk that weak passwords pose to an organization—organizations can use this day to emphasize password security for both corporate and personal passwords.
- Train employees to use long, unique passwords for all accounts. Short, commonly used passwords can put an organization's information at risk. Teach employees to use long passphrases: at least five words containing at least 15 characters. It can be difficult for users to memorize—and type—a long string of random characters, so educate them on how to create a phrase that they can remember but hackers can't crack. Organizational Security Awareness Training programs should include the risks of reusing passwords—if criminals figure out an employee's password for one account, they could use it to try to access the employee's other accounts, including their work account.
- Implement an enterprise-wide password manager. Password managers are highly effective and can help minimize the risk of hackers accessing corporate accounts. They generate and store long, unique passwords, eliminating the risk of employees creating weak passwords or reusing the same password in multiple accounts. Password managers allow employees to securely share accounts with other employees, with account managers able to obscure account passwords for additional security.
- Use a multi-factor authenticator (MFA) app for network
access. Authenticating through an MFA app is more secure
than verifying with a phone call or text message. Since such apps
are linked to the mobile device and not the mobile account,
app-based prompts would continue to be routed to the original
device—preventing a criminal from intercepting an MFA prompt
if they take over an employee's account.
- Educate employees to respond appropriately to unexpected MFA prompts. Unexpected MFA prompts may indicate a criminal is trying to sign into an account using a stolen password. Criminals hope that the employee will tap "Approve" accidentally or out of frustration to stop the prompts from appearing. Employees should be trained to reject unexpected prompts, change their network password, and immediately report the attempt.
Emphasizing the importance of long, unique passwords and good password hygiene can help keep accounts more secure, protecting the organization's network and information.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.