Better password management for your business can reduce the risk of cybercrimes, data breaches, and more. The threats are out there, just waiting for the opportunity to steal sensitive data that could cripple your business, cost you millions in damages, and ruin your reputation. Passwords should be taken very seriously no matter what industry you’re operating in.
Here are five crucial practices for business password management. By mastering these practices, you’ll create better passwords and better overall security for your business as a whole. You can never have too much security, especially when it comes to your online accounts and sensitive business data!
1. Limit Password Sharing
Password sharing is both dangerous and irresponsible at a business and personal level. Why? Because the more people who know a secret, the more likely it is that the secret will be revealed. That includes your passwords. If you share just one password, you could be giving the wrong person access to more than just your work email or login credentials, especially if you’re someone who reuses passwords. By the way, never reuse passwords for any reason. Every login should have its own unique credentials for maximum security.
As if this wasn’t enough, here’s a disturbing fact: About 27% of office workers said they would sell their login credentials for the right amount of money. That means nearly a third of your workforce would (potentially) sell their login credentials for cash and jeopardize your entire operation.
This isn’t meant to make you distrust your employees, but rather provide a sobering look at the reality of password theft and compromise.
2. Use A Password Manager
Password management for business is made easier with today’s password managers. Featuring secure, easy-to-use interfaces, end-to-end encryption, two-step authentication, and even private VPNs, password managers have never been more powerful or secure.
There are hundreds of password management options available, some of which are even free to use. You’re not risking anything by trying one out, and you’re potentially providing a more secure way to generate, store, and manage company passwords and credentials.
Many businesses still store their passwords in a Word document or spreadsheet. Just how secure do you think that spreadsheet really is should a hacker come looking? One thing’s for certain: it’s nowhere near as secure as a password management tool.
3. MFA
Multi-factor authentication is an excellent way to prevent unauthorized access. This extra layer of defense goes beyond the simple password and provides a locked gate to anyone trying to access accounts they’re not supposed to be in.
MFA combines a password with an additional factor such as a secret question, a security token, a biometric scan, GPS authentication, or time verification. PINs are another popular form of MFA. Anything that makes your login more unique and requires an extra step helps deter hackers from easy access.
4. Biometrics
Biometrics are becoming more and more popular as technology advances. In fact, the laptop I’m currently using can only be accessed by my right index fingerprint (or my personal PIN, should my fingerprint scanner not cooperate). Biometrics are almost impossible to duplicate, especially something like a fingerprint or iris scan.
Fingerprint or iris scans can offer a level of security that is almost unbreachable, but like anything connected to the internet, there’s still a small chance they can be hacked.
Your phone may already be equipped with biometrics security. Do you unlock your phone by showing it your face, or pressing your fingerprint on the screen? It would be pretty difficult for someone who isn’t you to replicate this authentication method.
5. Better Passwords
Let’s not forget that we can simply create better passwords for our businesses to help deter breaches. Using personal or company information in passwords is negligent at best, especially when there are tools specifically designed to create better passwords.
Good passwords should contain an upper and lowercase letter or group of letters (that don’t relate to you or the business), at least one symbol and at least one number. For example, a good password looks like this: $c0d3w0rD#9>r
The password is 13 characters long, the length recommended by security experts; it meets all of the above requirements and doesn’t end in a 1, 2, or 0. This would be considered a good password and would be very difficult to crack.
Let’s look at another password to see if you can spot the problem(s): ClearwaterRoofing011
Not only is the name of the company clearly displayed in the password, it contains no symbols, and uses both 1’s and 0’s at the end. This would be considered a poor password.
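The rules above, expressed as a checker and run on the article's two sample passwords. This is an added example, not code from the original article; the function name, the substitution table, and the list of banned company terms are assumptions made for illustration.

```python
import string

# Character swaps commonly used to disguise words (table assumed for this example).
LEET = str.maketrans("013457@$!", "oieastasi")

MIN_LENGTH = 13       # length the article recommends
WEAK_ENDINGS = "120"  # trailing digits the article warns about


def check_password(password, banned_terms=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    if password and password[-1] in WEAK_ENDINGS:
        problems.append("ends in 1, 2 or 0")
    # Compare case-insensitively, both as typed and with substitutions undone,
    # so "Clearwater" and "Cl3arw@ter" are both caught.
    lowered = password.lower()
    variants = (lowered, lowered.translate(LEET))
    for term in banned_terms:
        t = term.lower()
        if len(t) >= 3 and any(t in v for v in variants):
            problems.append(f"contains '{term}'")
    return problems


# Banned terms taken from the company name in the article's second sample password.
COMPANY_TERMS = ("Clearwater", "Roofing")

if __name__ == "__main__":
    for pw in ("$c0d3w0rD#9>r", "ClearwaterRoofing011"):
        print(pw, "->", check_password(pw, COMPANY_TERMS) or "OK")
```

A check like this belongs at the point where passwords are set or changed, with the banned-terms list filled in from your own company, product, and employee names.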
The above tips may seem like a hassle to implement, but they’re far less of a hassle than having your system breached.