Your password is between you and your computer. There is never a good reason to share your password with anyone. This includes your IT provider, your boss, your colleagues, or your office manager. Your password is your personal authentication, and once someone else knows your password, you can no longer prove your identity. Giving out passwords increases the chance of a compromise that can be costly to remedy.
Here are some suggestions on ways to control and manage passwords at your business:
- Use a self-service password reset and account unlock solution. This not only saves time but eliminates a security risk. Using a simple mobile app, employees can reset their work passwords themselves without calling IT for assistance. If you rely on your IT staff to reset passwords, they should verify your identity before they assist you. Resetting your password yourself saves time and reduces security risk.
- Use a password manager. This is a platform for safely and securely storing passwords. Business-grade password managers provide an environment where your administrator can control employee permissions and the ability to revoke access upon termination. Choose a platform that allows a manager to “share” a password, without the employee seeing the actual password (they only see ************). Password managers can provide robust reporting and auditing tools to enforce internal controls and maintain compliance standards.
- Use a different password for every login. If you are using a password manager, the tool will include a random password generator. Or you can type a bunch of random characters on your keyboard and let your password manager remember it for you.
- Use a long phrase for passwords you need to remember, such as your master password. Strong passwords are long; the more characters you have, the stronger the password. Total Networks recommends a minimum of 14 characters in your password. In addition, the use of passphrases (passwords made up of multiple words) is strongly encouraged. Examples include “footer rumbling renewal freebee” or “block-curious-sunny-leaves.” Passphrases are both easy to remember and type yet meet the strength requirements. Avoid using birthdates, addresses, phone numbers, or names of family members, pets, friends, and fantasy characters.
- Do not use the “Remember Password” feature of applications (for example, web browsers). If a criminal ever got access to your computer and browser, they would have the keys to the kingdom. Password managers require that you enter your master password first.
- Always use two-factor authentication for business accounts. Multi-factor authentication (MFA) requires one factor, such as a password, to be combined with another factor to gain access to your account, such as a code texted to your mobile phone or biometrics (your fingerprint, voiceprint identification, or retina scan). The factors are generally: (a) something you know (password), (b) something you have (phone), or (c) something you are (biometrics).
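The length and personal-detail guidance in the passphrase item above can be enforced in code when a password is set. The following is an added example, not part of the original article: the profile fields, the function names, and the short word list are assumptions made for illustration.

```python
import re
import secrets

MIN_LENGTH = 14  # minimum length recommended in the article

# Constructed sample list; a real deployment would load a large published
# word list (thousands of entries) so each word adds meaningful entropy.
SAMPLE_WORDS = ["footer", "rumbling", "renewal", "block", "curious",
                "sunny", "leaves", "marble", "window", "harvest"]

def _normalize(text):
    """Lower-case and keep only letters and digits, so 'Maria.Lopez' matches 'marialopez'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def personal_tokens(profile):
    """Collect strings to reject from a hypothetical profile dict of personal details."""
    tokens = set()
    for value in profile.values():
        pieces = re.split(r"[^A-Za-z0-9]+", value) + [value]
        # Ignore fragments under 4 characters to avoid rejecting unrelated words.
        tokens.update(t for t in map(_normalize, pieces) if len(t) >= 4)
    return tokens

def check_password(password, profile):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    flat = _normalize(password)
    for token in sorted(personal_tokens(profile)):
        if token in flat:
            problems.append(f"contains personal detail '{token}'")
    return problems

def generate_passphrase(words=SAMPLE_WORDS, count=4, sep="-"):
    """Pick words with the OS CSPRNG (secrets), never the random module."""
    while True:
        phrase = sep.join(secrets.choice(words) for _ in range(count))
        if len(phrase) >= MIN_LENGTH:
            return phrase

if __name__ == "__main__":
    profile = {"name": "Maria Lopez", "birthdate": "1984-03-17",
               "phone": "312-555-0142", "pet": "Biscuit"}  # constructed sample
    for candidate in ["Biscuit1984!", "maria.lopez.03171984", generate_passphrase()]:
        print(candidate, "->", check_password(candidate, profile) or "ok")
```

The check normalizes punctuation and case before matching, so separators inserted into a name or date do not hide it.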
You want your systems to be sure that it is really you and not a hacker pretending to be you. Following these tips will go a long way to reducing your risk of a breach.