TECHNOLOGY
SAFEGUARD YOUR PASSWORDS
Passwords are a crucial part of any
business’s security. They are crucial
to the security of your company’s
data, and it goes without saying
that you should use strong passwords.
But how do you set a strong password
exactly? Here is what we suggest.
By now, most people know the best
practices for creating strong passwords,
however, some do not realize the
importance of following them. Everyone
should set strong passwords by following
these recommendations:
First, we encourage users to make their
passwords as long as possible. Longer
passwords require more effort to crack.
The combination of long passwords and
our other strategies will keep hackers at
bay. You may find hackers searching for
another victim who offers fewer challenges
if you make it harder for them to crack
your passwords. The more bits of entropy,
the more difficult it will be to crack during
a brute force attack. Use 19-22 characters
to ensure data security.
Avoid using personal information
(children’s names, pets’ names, important
dates, places visited, or favorite sports
teams) as part of a password. It is
impossible to create rules for this tip, so
you need to include it in user training. If
hackers discover your social media profile,
they will have an easier time guessing
your password. Special characters can
effectively protect passwords. Make
them a requirement if your system allows
them. It would be wise to exceed the
recommended amount. Spaces, periods,
and other special characters may be
allowed in some websites and companies.
After you have learned how to create
strong passwords, you are ready to extend
the security of this core component. You
can secure the entire login process – from
start to finish – by following these three
tips:
Utilize multi-factor authentication
It’s time to learn more about multi-factor
authentication (also known as two-factor
authentication or 2FA). The easiest, most
straightforward method for integrating
By Robert Hessel
multi-factor authentication into your
infrastructure is via a cloud-hosted system
such as Azure Active Directory or Okta.
Employees and end-users will be required
to verify their identities using multiple
factors. Mobile apps, text messages, and
emailed links are some of the standard
authentication methods.
Consider Password Storage Are you
noticing that employees check a sticky
note under their keyboard every time they
sign in? In that case, your teams may want
to discuss password security again. It is
not good to write passwords down or
store them in places that others can access.
Security breaches can happen despite how
much you trust your employees – even
from inside the company.
Employers should be instructed to
use a password-safe web portal, such as
Thycotic & Pleasant Password, if their
passwords must be stored. Many web
browsers offer built-in password storage
with autofill for recognized websites, such
as Google Chrome and Microsoft Edge. It’s
a reasonable solution, but some companies
don’t allow them on workstations. It is up
to you and your IT team to make use of
these systems.
ADVERTORIAL
112 TAMPA BAY MAGAZINE | SEPTEMBER/OCTOBER 2021
MAXX-STUDIO
Establish Reset and Expiration
Rules Lastly, a ban on previously used
passwords may also be a good idea. Most
employees alternate between their two
favorites, changing the year at the end
of the password now and then. Your IT
department can eliminate this problem by
implementing a simple rule in Azure and
other cloud-based authentication servers.
It may be helpful to consider a
“maximum reset” policy for your
authentication server. When someone
other than the user requests a reset and
the IT department does not initiate it, you
will immediately know that something has
gone wrong. By implementing a policy
like this, the IT team could be alerted to
an internal breach.
Although some recommendations
might seem intuitive, it’s easy to fall
back on some bad habits when it comes
to password security. It’s best to take some
time to develop training guidelines and
get everyone in the company onboard. 9
EDITOR’S NOTE: Robert Hessel at Source 1
Solutions can be contacted at (727) 538-4114
or by visiting source1solutions.com.