Passwords - old truths are no longer good enough
Earlier we talked about the three most common threats in our IT environment. Among other things, we have touched on the user's login credentials. In this post, we share AddPro's top password tips.
Yesterday's password policy
Historically, most customers have had a password policy that is often structured as follows:
- Eight or more characters in the password
- Complex passwords, i.e. the password should consist of a mix of special characters and upper and lower case letters
- The password must be changed every 90 days
With today's threats, traditional security thinking is no longer secure enough. Ready-made databases covering every possible eight-character password, special characters included, can be downloaded and used to crack such passwords.
Today's password policy
We recommend that the user's password consists of at least 12-14 characters with no complexity requirement, that the use of passphrases is encouraged, and that passwords are not changed too often, since frequent changes carry the risk of users writing the password down.
Example of password:
- Mloisgrpkosib - Explanation: mother's little Olle in the woods went...
A rule to add to the password policy is that the user's account is locked after 15 - 20 incorrect password attempts. To unlock it, we recommend requiring the user to change their password.
A new password is obtained through a self-service portal or some form of two-factor procedure, for example via the user's mobile phone or through their manager, since the service desk cannot recognise every employee by voice.
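As an added illustration (not AddPro's code), a small Python model of the policy above: the keyspace comparison behind the length-over-complexity advice, a length-only password check, and a lockout that can only be cleared by choosing a new, different password. The minimum length and lockout threshold are constants taken from the post; the identity proofing before a reset is assumed to happen elsewhere.

```python
import hmac
import math
from dataclasses import dataclass

MIN_LENGTH = 12          # the post asks for at least 12-14 characters, no complexity rule
LOCKOUT_THRESHOLD = 15   # the post asks for lockout after 15-20 wrong attempts


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Bits of search space for a uniformly chosen password: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


def policy_violations(candidate: str) -> list[str]:
    """Return the policy problems with a candidate password (empty list means accepted)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems


@dataclass
class Account:
    # Plain string for the demo only; a real directory stores a salted hash, never the password.
    password: str
    failed_attempts: int = 0
    locked: bool = False

    def login(self, attempt: str) -> bool:
        """Count wrong attempts and lock the account once the threshold is reached."""
        if self.locked:
            return False  # a locked account rejects even the correct password
        if hmac.compare_digest(attempt.encode(), self.password.encode()):
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= LOCKOUT_THRESHOLD:
            self.locked = True
        return False

    def reset_password(self, new_password: str) -> bool:
        """The only way out of a lockout: choose a new policy-compliant password.
        Identity proofing (self-service portal, mobile 2FA, manager) is assumed done."""
        if policy_violations(new_password) or new_password == self.password:
            return False  # reject too-short passwords and re-use of the current one
        self.password = new_password
        self.failed_attempts = 0
        self.locked = False
        return True
```

keyspace_bits(8, 95) is about 53 bits while keyspace_bits(14, 26) is about 66 bits, so a 14-letter lowercase phrase has a larger search space than an 8-character password drawn from all printable ASCII.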
Three secure login methods
If users find it too tedious to enter a long password every time they need to unlock their computer, there are clever simplifications that will also further enhance your security. Modern systems can make local login easier using a PIN, your finger or your face.
- PIN code
The PIN code login hides the long password behind, for example, a four-digit code for the device you are logging in from. To crack this code, a hacker must see the user's code and use that particular device, i.e. the four-digit code only works on that device.
- Fingerprint reader
Some computers have a fingerprint reader. You can use your fingerprint to easily unlock your computer. If users choose to have this feature as their login, a tip is to register a finger from both the right and left hand.
- Face reading
On new modern computers, you can log in by having a camera on your computer read your face. This is obviously a good and easy way to log in, but not yet very common.
If you can combine two of the three login methods described above, you get a very secure login that is difficult for a hacker to crack.
Secure company logins
If your users are still logging in with a password and are unsure if their password is good enough, they should invest a few precious minutes in doing something about it. You and your users will be happier when they don't have to enter their password so often and can log in more easily.
Do you need support in analysing your business IT environment to identify and prevent potential threats?
Learn more about our IT Security Workshop to take the next step towards a more secure IT environment.