Have you ever wondered why your employer makes you change your secure password every 60 days? It’s because they assume you are using that same password on every third-party website you sign up for. More than 50 percent of Internet users repeatedly use the same password on third-party sites despite clear HR guidelines against doing so.
This is of serious concern because an estimated 30,000 websites get hacked daily, which exposes passwords to the entire Internet and, worse, to citizens of countries that are very interested in your company’s data. Your company email address and password are the keys these criminals need to infiltrate your company’s network, access sensitive data, and possibly cause massive data and financial loss. The damage to your company’s reputation, and to your career, can be devastating.
The key to securing your job and your account is creating a strong password, but a strong password that you can’t remember isn’t very useful. And the last thing you want to do is get on your IT person’s bad side by asking for a password reset every day. That won’t be good the next time your printer stops working and you need some tech support.
Most websites now require an 8-character password that isn’t a random number. The difference between brute-force cracking a 7-character and an 8-character password with numbers and mixed case is almost 2 years. Adding a special character to this equation adds almost 500 years!
The longer a password is, the harder it is to guess. That’s why PCI and HIPAA compliance require up to 14-character passwords, which would take more than 100 years to crack even without special characters.
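To compare the effect of length against the effect of a larger character set, here is an added example (not part of the original article) that computes the exhaustive-search space for a password. The guess rate is an assumption chosen for illustration, so the absolute years will not match the figures quoted above, and the result is a worst case: predictable human patterns are tried long before the full space is exhausted.

```python
import string

# Assumption: offline guessing rate, chosen only for illustration.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600

# Character classes an exhaustive search has to cover.
CLASSES = {
    "lower": string.ascii_lowercase,    # 26
    "upper": string.ascii_uppercase,    # 26
    "digit": string.digits,             # 10
    "special": string.punctuation,      # 32
}


def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    return size


def keyspace(length, alphabet):
    """Number of candidates of exactly this length over the alphabet."""
    return alphabet ** length


def years_to_exhaust(length, alphabet, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every candidate at the assumed rate."""
    return keyspace(length, alphabet) / rate / SECONDS_PER_YEAR


def report(password):
    """Summarise one password: length, alphabet size, worst-case years."""
    n, a = len(password), alphabet_size(password)
    return {"length": n, "alphabet": a, "years": years_to_exhaust(n, a)}


if __name__ == "__main__":
    # Inputs: the two sample passwords that appear in this article.
    for pw in ("617Neiman", "(617Niem@n)"):
        print(pw, report(pw))
    # One more character multiplies the work by the alphabet size.
    print("7 -> 8 chars, 62 symbols:", keyspace(8, 62) // keyspace(7, 62))
    # Adding specials to a fixed 8 characters gives a smaller gain than
    # growing a letters-and-digits password to 14 characters.
    print("8 chars, 62 -> 94 symbols:", keyspace(8, 94) / keyspace(8, 62))
    print("14 chars vs 8 with specials:", keyspace(14, 62) / keyspace(8, 94))
```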
How do I remember these often ridiculous phrases?
It may seem difficult to remember your new secure passphrase, especially since it needs to be changed every 60 days. However, here are some tricks to the system that will help protect you and your relationship with your IT person at the same time:
Example: Password1 cannot be changed to Password2, but 1Password can be changed to 2Password
Example: Your favorite store 617Neiman
Example: Use 0 or Ø for O, @ for a, $ for s, ! for I, or use parentheses around everything (617Niem@n)
We use LastPass at Achieve Networks because of its ease of use and price (free).
A corporate network may not allow you to use a password manager because the company does not have control over where your passwords are stored. If you work for an organization with highly sensitive data, such as in the finance industry or for the government, I would not recommend using any password manager.
You should also consider using a password for your mobile device.
You wouldn’t leave your front door unlocked or put a key under the doormat if you went on vacation, so why would you stick your password on your monitor at work?
This may seem like a no-brainer, but I have seen plenty of Post-It® Notes stuck right on the monitor with the user’s username and password. As much as we would like to trust the cleaning crew with your credentials, they are not bound by the same contract as full-time vested employees of your company. I do not recommend writing your password down anywhere, but if you need to, don’t write your username on the same paper as your password.
The security issues of free and unsecured Wi-Fi could take up a whole separate article. Just be aware that any public areas are vulnerable to data leaks. Change your password often, and always be nice to your IT person. 🙂