Access Denied: How to upgrade your password security
The National Crime Agency has recently recovered a database of 225 million login credentials from cyber-criminals and has shared the hacked passwords with the Have I Been Pwned (HIBP) security project. It’s sensible for organisations to regularly check the HIBP website to see whether passwords have been compromised. Additionally, consider these tips:
- Use strong passwords. Employees should create passwords at least eight characters long, using a combination of upper- and lower-case letters, symbols and numbers. Passwords should be easy to remember but difficult to guess. A good rule of thumb is to make sure that somebody who knows the user well couldn’t guess their password in 20 attempts.
- Avoid reusing passwords. Passwords shouldn’t be reused, especially for more sensitive systems. For less important accounts, employers may wish to use a password manager tool, which creates and manages passwords in one system, helping to prevent ‘password overload’ in employees.
- Be secure. Ensure passwords aren’t written down, shared with others or sent by email.
Additionally, organisations should consider implementing failed-login monitoring and account-lockout mechanisms to counteract brute-force attacks.
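One way to implement the failed-login monitoring and temporary account lockout described above, as an added example that is not part of the original article. The `LoginMonitor` class, the thresholds and the log format are assumptions chosen for illustration, and the sample log is constructed.

```python
from collections import defaultdict, deque

# Assumed policy values; tune them to your own risk appetite.
MAX_FAILURES = 5       # failures tolerated inside the window
WINDOW_SECONDS = 300   # sliding window for counting failures
LOCKOUT_SECONDS = 900  # temporary lockout, so a locked user recovers unaided

class LoginMonitor:
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 lockout=LOCKOUT_SECONDS):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)  # account -> recent failure timestamps
        self.locked_until = {}              # account -> time the lockout ends
        self.alerts = []                    # (time, account, failure count)

    def is_locked(self, account, now):
        return self.locked_until.get(account, 0) > now

    def record(self, account, success, now):
        """Process one login attempt and return 'ok', 'failed' or 'locked'."""
        if self.is_locked(account, now):
            return "locked"  # refuse even a correct password during lockout
        if success:
            self.failures.pop(account, None)  # a good login resets the count
            return "ok"
        recent = self.failures[account]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()  # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.locked_until[account] = now + self.lockout
            self.alerts.append((now, account, len(recent)))  # for the security team
            recent.clear()
        return "failed"

# Constructed sample log: "<unix-time> <account> <OK|FAIL>", in time order.
SAMPLE_LOG = """\
1000 alice FAIL\n1010 alice OK
2000 bob FAIL\n2005 bob FAIL\n2010 bob FAIL\n2015 bob FAIL\n2020 bob FAIL
2030 bob OK\n3000 bob OK
"""

def replay(log, monitor=None):
    """Feed log lines through a monitor; return it with each attempt's outcome."""
    monitor = monitor or LoginMonitor()
    results = []
    for line in log.split():  # tokens come in groups of three per attempt
        results.append(line)
    attempts = [results[i:i + 3] for i in range(0, len(results), 3)]
    return monitor, [monitor.record(a, o == "OK", int(t)) for t, a, o in attempts]
```

The lockout is temporary on purpose: a permanent lock would let anyone who knows a username deny that user access by deliberately failing logins.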