For the past twenty years, the password has been the most important security tool that individuals and businesses have to keep outside parties out of their personal and professional information. This may not always be the case, but much of a business’ security is built around the idea that passwords are keeping unwanted entities out. It is important that you and your staff understand what good password hygiene looks like. Today, we’ll outline what it looks like.
What is Password Hygiene?
The practice of securing your accounts with well-constructed, unique passwords is called password hygiene. Having good password hygiene means that you will avoid the use of authentication methods that can be easily compromised. Below is a list of unhygienic password creation practices:
- The use of personal details, like your name or birthday
- The names of friends, family, or pets
- The use of commonly used words (like “password” or a favorite sports team)
- Using simple keyboard combinations (like “12345” or “qwerty”)
- The use of repeated login credentials (like username: Corona2020, password: Corona2020)
- Using short passwords
If you are now worried that your passwords are easily guessable, don’t fret. Here, we’re going to outline some strategies you should stop using immediately as they no longer provide the value they once did to keep your accounts secure.
- Alphanumeric Switching – This is just a fancy euphemism for turning some of the letters in your password into numbers. If you’ve been making passwords for any length of time, you’ve probably taken part in this practice. The problem is that it is ineffective against the modern hacking software designed to crack passwords.
- Length Requirements – For much of the past decade, if you needed to make an account password, it had to be a certain number of characters. According to the National Institute of Standards and Technology (NIST), longer passwords are actually hurting your chances of keeping an account secure as they are harder to remember.
- Banning Cut and Paste – This practice was only done for a few years, but industry leaders now find it to be a pointless security gimmick. It prevents users from using a password manager, which is one of the best practices for password-led security in 2020.
- Password Hints – If you set up online banking anytime in the past decade, you were asked a series of questions that would allow you to gain access to your credentials. This isn’t as effective nowadays, as more information about users is available online.
- Too Frequent Password Changes – You’ll still want to make users change their password, but having them do it so frequently that they forget their credentials can be a major problem for a business.
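The unhygienic practices listed above can be checked automatically when a password is set. The following sketch is an added example, not part of the original article: the function names, the small word list, and the 12-character threshold are assumptions made for illustration. It also shows why alphanumeric switching adds little, since reversing the swaps takes one line.

```python
# Constructed sample list; a real check would load a large breached-password list.
COMMON_WORDS = {"password", "letmein", "corona", "dragon", "football"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Reverse the usual character swaps so "P@ssw0rd" is judged as "password".
UNLEET = str.maketrans("01345$@7!", "oieassati")


def has_keyboard_run(text, run_len=4):
    """True if text contains run_len adjacent keys from one keyboard row."""
    return any(row[i:i + run_len] in text
               for row in KEYBOARD_ROWS
               for i in range(len(row) - run_len + 1))


def audit_password(password, username="", personal=(), min_length=12):
    """Return the list of unhygienic practices found in a candidate password.

    min_length=12 is an assumed threshold; the article gives no number.
    personal holds details such as a name, birthday or pet's name.
    """
    raw = password.lower()
    forms = (raw, raw.translate(UNLEET))  # as typed, and with swaps undone
    findings = []
    if len(password) < min_length:
        findings.append("short")
    if username and raw == username.lower():
        findings.append("same_as_username")
    if any(p.lower() in f for p in personal if len(p) >= 3 for f in forms):
        findings.append("personal_detail")
    if any(w in f for w in COMMON_WORDS for f in forms):
        findings.append("common_word")
    if has_keyboard_run(raw):
        findings.append("keyboard_run")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, paired with the username they were set for.
    for pw, user in [("P@ssw0rd", ""), ("Corona2020", "Corona2020"),
                     ("12345", ""), ("maple-trombone-glacier-47", "")]:
        print(pw, audit_password(pw, username=user))
```

An empty list means none of the listed practices were detected; it is not a measure of overall strength.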
Best Practices of Password Hygiene
At Vudu Consulting, we recommend that users use a passphrase made up of at least three words that don’t have anything to do with one another. We also believe that using replacement characters can have value in this method. For example, a passphrase of “japanlovessushi” is not in itself secure, because it’s a common phrase, but a passphrase of “japanlovesenchiladas” is better. Use substitution methods to add security from there.
If you would like more information about password hygiene or securing your accounts and identity online, call the IT professionals at Vudu Consulting today at 866.640.0557.