We need to talk about the “Janet” in your office. You know the one. Sticky notes all over the desk and monitor labeled:
“MailChimp: Username/Password1”
Passwords are the front line of defense for your business. In most cases, they are all that separates someone from your email, computer and network access, and all the sensitive information they contain.
Password policies are company-wide initiatives to make sure that line of defense is as strong as possible.
Here are a few starters for setting up an effective password policy.
1. Change Your Password Every 6 Months
Keeping a password for too long exposes you to more vulnerabilities over time. In the event of an unknown breach, changing passwords also blocks out unwelcome parties.
2. But Keep Your Password for a Minimum of 3 Months
Hackers often try to circumvent the “I forgot my password” system. By setting your systems to require that a password be kept for 3 months unless a system administrator intervenes, you reduce the window and the probability that this type of attack could occur.
3. Don’t Use an Old Password
This is an easy one. Older passwords have been around longer, which increases the chances that they have been compromised. In the event they were secure and just phased out, make sure you have changed the password 10 times since before using one again.
4. Use Complex Passwords
The more intricate you can make your password, the better. Use capitalization, numbers, and symbols. One way to make it easy to remember is by replacing letters with similar-looking symbols. Like: P@$$w0rd – but don’t actually use “password.”
5. Password Length
This one is easy. 8 characters. MINIMUM.
6. Have You Heard of Passphrases?
Passphrases are pseudo-sentences that can be significantly longer than passwords.
Like: Please lease lemon pledge (because who is going to guess that?)
Using passphrases instead of passwords is just another way to decrease the risk of an account being breached.
7. Password Expiration Emails
Automated emails notify employees when it is almost time to change a password. This keeps your employees aware of upcoming password changes before they get locked out of an account.
8. “But Keeping Different Complex Passwords Is Difficult!”
It doesn’t have to be. Both Google and Apple have “keychain” features that store and update passwords as necessary.
If you are looking for a more secure option than something usable by anyone with access to your device, 1Password stores passwords securely and lets you use them while only having to remember one password.
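To see how rules 1 through 5 and the reminder in rule 7 fit together when a system enforces them, here is an added example (not from the original article) of a small policy checker. It assumes 6 and 3 months mean 180 and 90 days and that reminders start 14 days before expiry; the function names and the sample account are made up for illustration, and it does not give passphrases from rule 6 any special treatment.

```python
import hashlib, hmac, os, string
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=180)  # rule 1: 6 months, assumed to be 180 days
MIN_AGE = timedelta(days=90)   # rule 2: 3 months, assumed to be 90 days
HISTORY = 10                   # rule 3: no reuse within the last 10 passwords
MIN_LEN = 8                    # rule 5: 8 characters minimum
WARN = timedelta(days=14)      # rule 7: reminder window (assumed, not from the article)

def hash_pw(password, salt=None):
    """Salted PBKDF2 hash, so the history never stores plaintext."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def complexity_errors(password):
    """Rules 4 and 5: minimum length plus a capital, a number and a symbol."""
    checks = [(len(password) >= MIN_LEN, "too short"),
              (any(c.isupper() for c in password), "no capital letter"),
              (any(c.isdigit() for c in password), "no number"),
              (any(c in string.punctuation for c in password), "no symbol")]
    return [msg for ok, msg in checks if not ok]

def check_change(new_pw, history, last_changed, now):
    """Violations for a user-initiated change (no administrator involved).
    history is a list of (salt, digest) pairs, newest last."""
    errs = complexity_errors(new_pw)
    if now - last_changed < MIN_AGE:
        errs.append("changed too recently")
    for salt, digest in history[-HISTORY:]:
        if hmac.compare_digest(hash_pw(new_pw, salt)[1], digest):
            errs.append("reused password")
            break
    return errs

def status(last_changed, now):
    """Rules 1 and 7: 'expired', 'notify' (send the reminder email) or 'ok'."""
    age = now - last_changed
    if age >= MAX_AGE:
        return "expired"
    return "notify" if age >= MAX_AGE - WARN else "ok"

if __name__ == "__main__":  # constructed sample account
    now = datetime(2024, 7, 1)
    hist = [hash_pw("Summer2023!")]
    print(check_change("Summer2023!", hist, datetime(2024, 5, 1), now))
    print(status(datetime(2024, 1, 1), now))
```

Storing the history as salted hashes means the reuse check works without the system ever keeping old passwords in readable form.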