Strong Passwords, blah, blah, blah! But what really is a strong password policy in 2023?
Most people are fully aware that passwords are the gateway to your business systems, and that weak passwords therefore represent a massive vulnerability. Weak passwords are a form of human error: the main culprit for breaches of cyber security.
Password education has long suggested that complex passwords, with upper and lower case letters, special characters, numbers and so on, are the strongest format, but is this still true? As password systems evolve, and users and hackers become wiser and more sophisticated, do we need to reassess what constitutes a weak and a strong password policy?
What is a strong password policy in 2023?
1. Uniqueness
One of the most important password features is uniqueness. Passwords should not be reused across platforms within a business. Furthermore, your password policy should require passwords not to be reused across personal and work accounts!
Absolute Networks Ltd always ban common passwords, such as abcdef, password, monkey and admin, in the password policies we manage. However, other common approaches, such as password expiration and requiring multiple character sets, can often encourage users to reuse passwords and use similar patterns in an effort to remember them, thus creating less secure passwords.
Simply using unique passwords can be more powerful! Applications such as LastPass can help make this easy, and their installation on company machines can encourage your staff to use truly unique passwords.
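The policy described in this section, sketched as an added example (not Absolute Networks' code and not part of the original post): it rejects ban-list passwords even when disguised with capitals, character swaps or a trailing year, rejects reuse against the account's own stored history, and imposes no character-set rules. The ban list holds only the four passwords named above; the function names, the substitution table and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os

# Ban list: only the four examples named in the article (a real list is far longer).
BANNED = {"abcdef", "password", "monkey", "admin"}

# Assumed table of common character swaps, undone before the ban-list lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def normalise(password):
    """Lower-case, drop trailing digits/symbols, then undo character swaps."""
    core = password.casefold().rstrip("0123456789!@#$%^&*?._-")
    return core.translate(LEET)


def hash_password(password, salt=None):
    """Return (salt, digest) so history never holds a plaintext password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def check_password(candidate, history):
    """Return the list of policy violations; an empty list means accepted.

    history is a list of (salt, digest) pairs for the account's earlier
    passwords. No upper/lower/digit/symbol mix is demanded, by design.
    """
    problems = []
    if normalise(candidate) in BANNED:
        problems.append("common password")
    for salt, digest in history:
        candidate_digest = hash_password(candidate, salt)[1]
        if hmac.compare_digest(candidate_digest, digest):
            problems.append("reused")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample data: one earlier password and three candidates.
    past = [hash_password("river-otter-lantern-quilt")]
    for pw in ("P@ssw0rd2023!", "river-otter-lantern-quilt",
               "correct horse battery staple"):
        print(repr(pw), check_password(pw, past) or "accepted")
```

A check like this only sees the history the system itself holds; reuse across personal and work accounts still has to be covered by the written policy and a password manager.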
2. Multi-Factor Authentication (MFA)
Absolute Networks Ltd can set up and manage your MFA. With up-to-date contact and security information, like an alternate email address, phone number, or a device registered for push notifications, you can respond to security challenges and be notified of security events. You can verify your identity if you ever forget your password, or if someone else tries to take over your account. Furthermore, risk-based MFA ensures that when the system detects suspicious activity, it can challenge the user to ensure that they are the legitimate account owner.
But user beware! Don't become immune to MFA authorisation requests. Never accept an MFA notification if you haven't tried to log in.
Contact Absolute Networks Ltd to ensure your business's password policy is fit for purpose and your door is really locked!