One IT security strategy used by various businesses and other organizations is routine password replacement. At regular intervals, such as every three or four months, employees change the passwords to their accounts.
The purpose of this strategy is to keep cyber criminals and other unauthorized individuals from successfully using a password.
People assume that if the password changes every few months, its older incarnations will lose their relevance, giving legitimate account holders additional protection.
However, a recent article published in Business Insider highlights a major flaw in this approach. To comply with the requirement of regularly changing their passwords, employees and other authorized account holders often rely on convenient tricks that wind up weakening their passwords’ strength.
For example, they may create their new password by changing only one character in the old one, or by reusing passwords that they’d already relied on months earlier. That means that someone who knows an old password can guess at a new one and obtain unauthorized access to an account.
Furthermore, as pointed out in the article, the tricks you try to use to protect your password don’t mean much if hackers exploit other vulnerabilities to get into your system.
Rethinking Password Strategies
The computer tip of the day is to rethink your approach to password security. Always evaluate the efficacy of your company’s cyber security tools and strategies, along with making sure they belong to a larger, comprehensive IT security plan.
When it comes to good password policies, the following are a few tips to consider:
- Make sure your passwords have sufficient complexity; for example, they should be long and contain a variety of characters.
- If you rely on password recovery questions, don’t answer them with information that’s available for anyone to find out.
- Two-factor authentication provides an additional layer of protection; even if hackers steal your password, they would also need to have your phone to type in the verification code and access your account.
- You can rely on a reputable password manager that generates strong, complex passwords for different accounts and protects them with encryption.
Contact us to further discuss the best cyber security practices for your company. It’s important to not simply rely on received wisdom or imitate what other companies and organizations are doing.