Password protection

Five Password Best Practices

As we all work to build better cybersecurity in our organizations, sometimes it makes sense to take a step back and think about the easiest way hackers can access our systems and intelligence. Good password hygiene extends from your professional life to your personal accounts, and best practices for managing both are important for securing all of your information and access points.


Here are some ways to get started.


1. Use a password manager 

Good password management begins with using a password manager to help you generate and track unique, highly secure passwords across all your logins. This tool is a cloud-hosted, much more secure version of that Excel spreadsheet sitting on your desktop tracking all your passwords. A password manager works on both your computer and your smartphone.

With a password manager, you have one master password that controls everything stored in it. Once you know that master password, you have access to the potentially thousands of passwords in that bank.

Trying to come up with a password every 90 days for every account that you have is completely infeasible unless you have a password manager, which has a built-in password generator to create unique, robust passwords. It also saves you the time of having to type in your username and your password every time you access a system, portal, or account.

Be sure to do your due diligence and select a reputable provider.


2. Select complex passwords 

Building on what we just discussed above, part of the key to effective password management is having strong passwords that are unique across every login that you have. This is especially true as you work to separate your work life from your personal life.

Note that strong or complex passwords are typically at least 12 characters long and contain uppercase and lowercase letters, numbers, and symbols. This is where a password manager helps, as that tool can generate and save all of these difficult-to-remember passwords. Regular expiration and updating of your passwords is also supported by your password manager.


3. Leverage multi-factor authentication (MFA) 

Take advantage of MFA to bolster your security and add another layer of protection. Multi-factor authentication is the key to making sure that you are protected, because without MFA you're only as good as your password and your username. This tool uses something you know, which would be your strong password created by your password manager, and something you have, which could be your smartphone.

Typically, the most common path to MFA is a phone call in which you are provided a six-digit code that you then type in. This method is the least secure MFA. Another approach is to receive an SMS text on your phone containing a one-time password, but this is still quite weak. The most secure way is to use an authenticator app: you take a picture of the QR code on your screen, your phone tells you the code, and you type that code in to lock in your MFA.

It’s a good idea to leverage MFA on any account that offers it as it makes such a big difference in your security. MFA across your accounts is what’s going to keep the bad guys out.


4. Track current events and check your email 

Make sure you are aware of big news stories pertaining to cybersecurity and data breaches. Being informed about compromised companies that may have your data is a good way to protect yourself and all of the information you have access to. Even if you have everything set up the right way, MFA is the only thing that’s going to stop somebody from getting into your account if your data is compromised by the vendor that hosts it.

If something does happen at a password manager or a website that has your information, they're obligated to inform you, the end user. Checking your emails and tracking current events will keep you up to date so that you can be aware of things that might affect your data.


5. Gain general cybersecurity awareness and attend training 

Learn how to prevent compromising your own accounts and passwords. Make sure that you’re up to date on your cybersecurity training because the best way to protect your password is to ensure you make good decisions, are careful with your passwords, and don’t become a phishing victim. If you’re cognizant of those threats, you might be able to stay ahead of the hackers.

The social element is really still the easiest path to stealing someone’s information. At the end of the day, it comes down to you being good about recognizing threats, whether that’s a bad email, a bad link, a bad attachment within an email, a link going to a bad website, characters in the website or the email that are off, and more.

If you would like any assistance with helping your organization better manage its passwords and protect your infrastructure and information, contact the experts at CyberSheath. We have the knowledge and expertise to craft and execute the security strategy you need to secure your company and your data.

