Strengthening cybersecurity: Password best practices for 2023


Passwords serve as businesses’ first line of defense against cyberthreats. If passwords are weak or compromised, cybercriminals could easily access your company’s sensitive information, including customer records, financial data, and intellectual property.

As cyberattacks become more sophisticated and prevalent, it is more crucial than ever to create strong, unique passwords and keep them safe. Here are the password best practices for 2023:

Make passwords long

It’s important to create long passwords. The longer a password is, the harder it is for cybercriminals to crack. The National Institute of Standards and Technology (NIST) Special Publication 800-63B Digital Identity Guidelines provides the following recommendations for password length:

  • All user-created passwords should have at least 8 characters.
  • All machine-generated passwords should have at least 6 characters.
  • The maximum length of passwords should be 64 characters.

To make your password easier to remember, consider using a passphrase. A passphrase is a string of random words, such as “My hands are my Passport.” Avoid using common phrases in your passphrase, such as “I love you very much,” since cybercriminals usually use dictionaries and lists of common words and phrases to try to crack passwords.


Avoid commonly used and breached passwords

Disallow passwords that are commonly used, such as sequential characters (e.g., 9876), repeated characters (e.g., bbbb), context-specific passwords (e.g., the name of the service), or those in most common passwords lists.

Additionally, don’t allow your employees to use passwords that are included in lists from breaches, such as the Have I Been Pwned database, which contains over half a billion passwords previously exposed in data breaches.
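Putting the length rules and the blocklist rules above into a single policy check, as an added example that is not part of the original article: the common-passwords list and the breach corpus are small constructed samples standing in for lists such as Have I Been Pwned, and the range-style lookup is simulated against that local corpus rather than calling any real service.

```python
import hashlib
import re

# Constructed sample data: a tiny "most common passwords" list and a simulated
# breach corpus of SHA-1 hashes (a real corpus such as HIBP has hundreds of millions).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper()
                 for p in ("Summer2022!", "P@ssw0rd", "ilovemydog")}


def has_sequential_run(pw, n=4):
    """True if any n consecutive characters step by exactly +1 or -1 (e.g. 9876, abcd)."""
    for i in range(len(pw) - n + 1):
        diffs = {ord(pw[j + 1]) - ord(pw[j]) for j in range(i, i + n - 1)}
        if diffs in ({1}, {-1}):
            return True
    return False


def has_repeated_run(pw, n=4):
    """True if one character appears n or more times in a row (e.g. bbbb)."""
    return re.search(r"(.)\1{%d,}" % (n - 1), pw) is not None


def breached_via_range_query(pw, corpus=BREACHED_SHA1):
    """k-anonymity style lookup: only the first 5 hex chars of the SHA-1 leave the
    client; the 'server' (here the local constructed corpus) returns every suffix
    sharing that prefix and the client checks for its own suffix."""
    digest = hashlib.sha1(pw.encode()).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    returned_suffixes = {h[5:] for h in corpus if h.startswith(prefix)}
    return suffix in returned_suffixes


def check_password(pw, service_name, user_created=True):
    """Return the list of policy violations; an empty list means the password is accepted."""
    problems = []
    min_len = 8 if user_created else 6          # NIST SP 800-63B minimums
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if len(pw) > 64:
        problems.append("longer than 64 characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("in the common-passwords list")
    if has_sequential_run(pw):
        problems.append("contains a sequential run (e.g. 9876)")
    if has_repeated_run(pw):
        problems.append("contains a repeated run (e.g. bbbb)")
    if service_name.lower() in pw.lower():      # context-specific password
        problems.append("contains the service name")
    if breached_via_range_query(pw):
        problems.append("appears in a breach corpus")
    return problems
```

The passphrase from the article, “My hands are my Passport.”, passes every check, while “Summer2022!” is rejected only because it appears in the simulated breach corpus.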

Don’t reuse passwords

Use unique passwords for every single account you have. Otherwise, if one password gets exposed in a data breach, cybercriminals could use that password to access all of your other accounts, including your bank account, email, and social media accounts. This is known as a credential stuffing attack. Such attacks are highly effective because many people reuse the same username and password pairs across multiple accounts. 

What’s more, Okta’s 2022 State of Secure Identity Report revealed that 34% of overall traffic/authentication events on their identity and access management platform can be attributed to credential stuffing attacks. In other words, a third of all login attempts are malicious and fraudulent.

Leverage password managers

Most users struggle to keep track of numerous passwords, especially when these are long. The good news is you can use a password manager to securely store your passwords, relieving you of the burden of memorizing all of them. With a password manager, you simply have to memorize one password (i.e., master password) to access all your other passwords. Not only that, but a password manager can also create strong, unique passwords for all your accounts. 

Enable multifactor authentication (MFA)

MFA adds an extra layer of security to your accounts by requiring you to provide one or more proofs of your identity on top of your login credentials. This means that even if cybercriminals manage to steal your password, they will still need to fulfill the other MFA requirements in order to access your account. 

Respond swiftly to data breaches

A data breach is a security incident in which sensitive data is accessed or stolen without authorization. If a company notifies you of a data breach that could expose your account password, you should change your password immediately to prevent financial losses, identity theft, and other possible consequences. Make sure your new password is strong and unique. If possible, enable MFA right away. 

Moreover, monitor your account activity for any suspicious activity, including unauthorized transactions and reports of new accounts you did not open.

Adopting these password best practices will help protect your business from cyberthreats. Remember, stronger passwords mean fewer headaches and increased peace of mind. To further enhance your company’s security posture, turn to the cybersecurity experts of SpectrumWise. Schedule a consultation with us today.
