It goes without saying that the security of any company’s business information is of primary importance. Whether or not sensitive customer information is actually stolen, any breach in company data makes security appear weak, can scare away customers and may eventually lead to a company’s demise.
Most systems and applications dictate their own minimum security standards; one system might simply require a password of 8 alphanumeric characters, while others may require longer passwords with additional parameters, such as the inclusion of both upper- and lower-case letters and the forced exclusion of publicly available personal data, such as a user’s name.
Oftentimes, a person’s password strength will conform to the minimum standards required.
There are many security measures a company can take to protect the business against information attacks. One such measure lies within the control of every individual user: password security. Whatever a system’s minimum standards are, individuals should strive to create the most secure passwords they can. Here’s some password advice from experts in the field.
What Most People Think Is a Strong Password (Really Isn’t)
Password security has been a business priority for a long time. Users are instructed to generate passwords that would be difficult to hack. But just how strong are those passwords?
Some experts believe it hardly matters. They argue that hacking software has become so sophisticated that it can decode pretty much any password users create. There have been instances, too, where businesses have required users to maintain complex passwords only to have hackers break in and steal a list of the company’s passwords that was never encrypted on the server.
These skeptical experts advise businesses to instead put more of their energies into locking down systems, strengthening firewalls, encrypting data, employing two-factor authentication and putting clear procedures in place that prevent hackers from getting in and information from getting out. While these are all best practices businesses should definitely follow, other experts continue to believe in the importance of password protection as a central way to safeguard business information.
Why Passwords Fail
What makes a weak password? Passwords fail for any number of reasons, but the most common one is that they’re too predictable. Anytime users include familiar words or phrases or identifiable numbers, the password has a good chance of being hacked. Using a street name and house number, for example, would be like putting the welcome mat out for hackers. Same with using surnames, maiden names, parents’ names, kids’ names, pet names or any number of other recognizable monikers.
It’s not that hackers know who users are and where they live, but the algorithms they employ to break into systems are very good at guessing. Hackers can process password attempts automatically and at lightning speeds. Without strong passwords, companies might as well just give away their information.
What Is a Strong Password?
For better password security, users should take into account all of the following:
- A strong password should be at least 12-16 characters in length – the longer the better.
- It should be a combination of upper- and lower-case letters, numbers and special characters.
- It should include unrecognizable strings of letters (i.e., words not found in the dictionary). Foreign or nonsense words can be useful. It’s not enough to simply replace letters in common words with special characters. “$pring&$ummer,” for example, wouldn’t be very strong.
- Mix it up as much as possible. The more random the better. The problem with random passwords is that they’re hard for users to remember. One solution is for users to create unusual acronyms only they would know. For example, take the phrase “My parents live at 445 N. Locust Street in Elizabethtown, Pennsylvania.” The password version of this might be: “Mpl@445N.LSinE,PA” – a strong password.
- Avoid using the same password in many different places. Again, users have trouble remembering lots of different passwords and tend to rely on a few choice ones. Hackers know this and will try to exploit it. One solution is to use a password manager service. A password manager will create a strong password for each application and then store it in encrypted form. The user needs to remember only one password (hopefully a strong one) that tells the password manager to unlock or log into any application.
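The checklist above can be turned into a check run when a password is set. The following is an added example, not code from the original article: the wordlist, the substitution table and the function name check_password are constructed for illustration. It shows why “$pring&$ummer” fails once its character substitutions are reversed, while the acronym password passes.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a full
# dictionary plus a list of known-breached passwords.
WORDLIST = {"spring", "summer", "password", "welcome", "locust", "street"}
# Common look-alike substitutions, undone before the dictionary check.
SUBSTITUTIONS = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l",
                               "3": "e", "!": "i", "5": "s", "7": "t"})
CLASSES = {
    "upper-case letter": r"[A-Z]",
    "lower-case letter": r"[a-z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}
MIN_LENGTH = 12  # lower bound of the 12-16 character advice


def check_password(password, personal_terms=()):
    """Return the reasons a password fails the checklist (empty list = pass)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    # Compare both the lower-cased password and a copy with substitutions
    # reversed, so "$pring" is seen as "spring".
    lowered = password.lower()
    variants = (lowered, lowered.translate(SUBSTITUTIONS))
    for word in sorted(WORDLIST):
        if any(word in v for v in variants):
            problems.append(f"contains dictionary word '{word}'")
    # Names, street names and similar personal data supplied by the caller.
    for term in personal_terms:
        if len(term) >= 3 and any(term.lower() in v for v in variants):
            problems.append(f"contains personal term '{term}'")
    return problems


if __name__ == "__main__":
    for candidate in ("$pring&$ummer", "Mpl@445N.LSinE,PA"):
        print(candidate, "->", check_password(candidate) or "passes")
```

A password that passes has only cleared a floor; the check does not measure how random the password is or whether it is reused elsewhere.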
Business leaders should ensure that their company employs best practices in preventing data breaches. That includes procedures for designating strong passwords that stymie hackers.
At RDX, security is of paramount importance. Although we don’t store or process any data for our customers, we adhere to one of the most comprehensive security and privacy frameworks in the IT industry and have audited every security control possible within our organization. You don’t become the #1 provider and pioneer of remote DBA services without paying close attention to security issues, especially as they evolve in the future.