"Cybersecurity statistics indicate that there are 2,200 cyberattacks per day, with a cyberattack happening every 39 seconds on average. In the US, a data breach costs an average of $9.44M."
These are sobering stats. And with cyberattacks and data breaches continuing to rise, it is imperative to actively review current password best practices to enhance your digital security. Following current best practices will allow your employees and organization to stay protected against malicious attacks.
- Multi-Factor Authentication with Password Credentials: MFA provides an additional layer of security beyond traditional passwords by combining two or more authentication factors to verify a user’s identity. Typically, these factors fall into three categories:
- Something you know: Password or PIN.
- Something you have: Smartphone, hardware token, smart card.
- Something you are: Biometrics like fingerprints, facial or voice recognition.
- Password Complexity Requirements: In the past, simple passwords were prevalent, making it easier for attackers to crack them. To combat this, organizations and websites are enforcing stricter password policies including:
- Length: a minimum length of 8 to 12 characters, however, security experts recommend longer passwords, such as 16 to 20 characters.
- Complexity: Passwords should include a mix of uppercase and lowercase letters, numbers (between 0-9), and symbols (such as !, @, #, $).
- Exclusion of common patterns: passwords should not contain common patterns or easily guessable information.
- Uniqueness: passwords should be unique for every account. Use a secure password manager to help track all the passwords for accounts.
- Storage: never write passwords down on paper or store them on or near your device. Use a secure password manager to save your passwords. But research them first to ensure they themselves have never been hacked.
- Exclusion of personal information: passwords should not contain any personal information that would allow a hacker to know any other personal information like:
- Family/child’s name
- Birthdates
- Pets' names
- Addresses
- Place of birth
- Regular updates: Users are encouraged or required to change their passwords periodically. Organizations should be changing their passwords every 60-90 days and never reuse a previous password. Having a monitoring system to alert you will help keep organizations stay on top of updating their passwords.
With cyber threats evolving daily, it is crucial to stay up-to-date with the latest password trends to protect sensitive information. If you have questions, need employee cybersecurity training, or require Managed IT Services and Support, contact PCS.