Strong Passwords, blah, blah, blah! But what really is a strong password policy in 2023?

Most people are fully aware that passwords are the gateway to your business systems, and that weak passwords therefore represent a massive vulnerability. Weak passwords are a form of human error: the main culprit for breaches of cyber security.

Password education has for a long time suggested that complex passwords with upper and lower case letters, special characters, numbers etc. are the strongest format, but is this still true? As password systems evolve, and users and hackers become wiser and more sophisticated, do we need to reassess what constitutes a weak and a strong password policy?

What is a strong password policy in 2023?

1. Uniqueness

One of the most important password features is uniqueness. Passwords should not be reused across platforms within a business. Furthermore, your password policy should require passwords not to be reused across personal and work accounts!

Absolute Networks Ltd always bans common passwords, such as abcdef, password, monkey and admin, in the password policies we manage. However, other common approaches, such as password expiration and requiring multiple character sets, can often encourage users to reuse passwords and fall back on similar patterns in an effort to remember them, which results in less secure passwords.

Simply unique passwords can be more powerful! Applications such as LastPass can help make this easy and their installation on company machines can encourage your staff to use truly unique passwords.
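The common-password ban described above, sketched as an added example (not Absolute Networks' own code): it shows how passwords that satisfy a multiple-character-set rule can still be built on a banned word. The deny-list holds only the four words named in this post, and the substitution table, the 8-character minimum and the sample passwords are constructed assumptions.

```python
import re
from typing import Optional

# Deny-list: the four examples named in the post. A production list would be
# far larger (assumption); these entries are enough to show the technique.
BANNED = {"abcdef", "password", "monkey", "admin"}

# Substitutions people commonly use to satisfy character-set rules (constructed).
LEET = str.maketrans("@40!13$57", "aaoiiesst")


def meets_composition_rules(pw: str) -> bool:
    """Classic policy: 8+ chars with upper, lower, digit and special character."""
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)


def banned_root(pw: str) -> Optional[str]:
    """Return the deny-listed word the password is built on, or None."""
    lowered = pw.lower()
    # Variant 1: undo character substitutions only.
    # Variant 2: first drop a trailing run of digits/symbols ("1!", "2023!").
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    for candidate in (lowered.translate(LEET), stripped.translate(LEET)):
        if candidate in BANNED:
            return candidate
    return None


def evaluate(pw: str) -> dict:
    """Report both checks side by side for one candidate password."""
    return {"composition_ok": meets_composition_rules(pw),
            "banned_root": banned_root(pw)}


if __name__ == "__main__":
    # Constructed samples: three pattern-based passwords and one random one.
    for sample in ("Password1!", "P@ssw0rd2023!", "Adm1n#2023", "vK9#qLw2ZtR8mPx4"):
        print(f"{sample:18} {evaluate(sample)}")
```

The first three samples pass the character-set rule and are still rejected by the deny-list; the random fourth passes both.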

2. Multi-Factor Authentication (MFA)

Absolute Networks Ltd can set up and manage your MFA. With up-to-date contact and security information, like an alternate email address, phone number, or a device registered for push notifications, you can respond to security challenges and be notified of security events. You can verify your identity if you ever forget your password, or if someone else tries to take over your account. Furthermore, risk-based MFA ensures that when the system detects suspicious activity, it can challenge the user to ensure that they are the legitimate account owner.

But user beware! Don't become desensitised to MFA authorisation requests. Never accept an MFA notification if you haven't tried to log in.

Contact Absolute Networks Ltd to ensure your business' password policy is fit for purpose and your door is really locked!
