Author: Chad Knutson, SBS CyberSecurity
Passwords are a very important control in our environment. They grant access to all the information and technology systems that we use in both our business and personal lives. Unfortunately, passwords are a common target of cyber criminals and carry a lot of risk. There are three major risks that relate to passwords:
- Password cracking – criminals access an encrypted form of your password and attempt to break it. With the advances in technology, this is now easier than ever.
- Phishing emails – these deceptive emails lure unknowing targets with a believable story to collect passwords and other sensitive data.
- Data breaches – when third-party companies are breached, passwords are often made public.
To mitigate the ever-evolving cyber risk, password protection standards are changing. It is recommended that a strong password follow these rules:
- Include 10 characters
- Contain 3 of the 4 following criteria: upper case, lower case, number and special character
- Not include dictionary words
- Be updated every 90 days
While this password combination is an acceptable standard, the National Institute of Standards and Technologies (NIST) recommends using even longer passwords, such as 16 characters or more. Longer passwords can include less complexity, yet are considered more secure.
Other password best practices:
- Don’t reuse passwords. Every website and application that you log into should have a unique password. That way, if a website is breached and your password gets out, it doesn’t put other sites at risk.
- Use a password manager. Password managers store all your credentials in an encrypted database. They are then accessed with one master password.
- Enable two factor authentication. Two-factor authentication adds an extra layer of protection by requiring you to identify yourself using a cell phone or other device in addition to entering your password. Use this on your password manager and all other places you authenticate to.
Avoid the cyber risks that come along with weak or poorly managed passwords. Take five minutes to view my video blog to learn tips for protecting your passwords and ultimately your most sensitive data.
Chad Knutson is a co-founder and Senior Information Security Consultant for SBS CyberSecurity, a premier cyber security consulting and audit firm dedicated to making a positive impact on the banking and financial services industry. Chad has also served as President of the SBS Institute since 2013. Chad maintains his CISSP, CISA, and CRISC certifications, and received his Bachelor of Science in Computer Information Systems and his Master of Science in Information Assurance from Dakota State University.
- Whitepaper: Why Cybersecurity Should be a Top Priority for Your Financial Institution
- Infographic: Phishing: The Rising Threat to Business
- Infographic: Protect Against Phishing Attacks: A Prevention Checklist
- Datasheet: Cyber and Information Security Solutions