5 Tips for establishing a stronger password policy for your business

5 Tips for establishing a stronger password policy for your business


Passwords play a central role in cybersecurity. The problem is that users have developed appalling password habits and despite the growing number of security incidents, many still use short and weak passwords that can be easily cracked by hackers.

When it comes to mobile devices, there are still plenty of users who don’t employ security passcodes and still use privacy and security default settings. These terrible security habits are precisely why businesses need to document and enforce a strong password policy.

#1. Stop mandating regular password changes

One of the most common pieces of advice you’ll hear about password-based security is that you should change your passwords regularly — typically every six months or more frequently. The problem with this advice is that if an account has been hacked, changing your password weeks or months down the line simply out of habit isn’t going to help solve the issue. What’s more, people will likely forget their login credentials and end up writing them down on a Post-it note, which is far from ideal. Instead, passwords should only ever be changed following a suspected data breach.

#2. Encourage the use of complex passwords

The worst and most common passwords around are “123456” and “password”. Other ill-advised passwords include first names, dates of birth, and names of pets, all of which can often be found with a quick social media search. Such passwords could be easily cracked via a brute force attack.

However, complex alphanumeric passwords that don’t contain words in any dictionary, are exponentially harder to crack. A strong password should be 10 characters long and consist of letters, numbers and, ideally, symbols. Another way you can create strong passwords is by using passphrases. These are a random string of words that are easy to remember, but in theory, are much more difficult to crack.

#3. Prohibit password sharing

Password sharing makes it easier for multiple users to access a team account. While managers and some employees need to share passwords to delegate tasks, it’s wise to use tools to allow for a more convenient and secure way to share passwords. A password manager generates and stores passwords for safekeeping. All you need to do is to ensure proper configuration and training.

#4. Provide a unified single sign-on

A unified single sign-on (SSO) is an identity and access management (IAM) solution that allows users to log into multiple accounts at the same time with just one set of login credentials. While that might sound less secure, it’s actually better for security because it’s easier to manage and less prone to human error, such as forgetting one or more of a multitude of login credentials.

Aside from reducing risk by mitigating bad password habits, SSO has a clear and positive impact on productivity, reduces the burden on the IT department to handle password reset requests, and accelerates the adoption of company-promoted applications.

#5. Implement multifactor authentication (MFA)

Passwords are just one layer of security and by no means should they be the only thing protecting your accounts.

MMFA provides an extra verification layer to confirm the user’s identity, such as a fingerprint scan or a one-time security token. MFA is ideal for verifying user identities when logging in from a new device or location. This ensures your account remains secure even if hackers managed to get a hold of your passwords.

Make sure MFA is enabled wherever possible, especially on accounts that contain highly sensitive information.

Founders Technology Group provides security solutions and expert guidance to keep your business safe from cyberthreats, natural disasters, and human error. Call us today to schedule your first consultation.