How to create strong passwords to protect you, your business
An interesting report from the Pew Research Center came out at the end of April, which showed that only 39% of Internet users changed their passwords or closed accounts after hearing about the Heartbleed security flaw.
Given that the overriding security message was for people to change passwords in the wake of the Heartbleed incident, I thought I’d talk about the importance of strong passwords and how business owners can take some simple steps regarding passwords to protect their businesses.

Password policy: If your business doesn’t already have one, you should create a written password policy to help ensure employees don’t get careless about password protection. A basic policy should include:
- A requirement that employees change their passwords on a regular schedule — say every 90 days or every six months.
- Protocols to ensure strong passwords — such as requiring the use of special characters (*+%#!), lower and upper case letters, and numbers. A good password is random, complex and long (10 characters, at least).
- Clear instructions to keep passwords confidential.
- Random. Don’t use family names, birthdates, addresses, or other common information in your passwords. Last year I was part of a TV interview segment from Bay Area consumer affairs reporter Michael Finney, and he suggests in this clip a few ideas, like stringing together song lyrics, or memorable lines from movies, or movie or book titles.
- Complex. A movie or book title alone is random, but not complex. So you should use a combination of upper-case letters, lower-case letters, numbers, and symbols. A good trick is to use the number 1 in place of the letter I or “$” in place of the letter s.
- Long. Ten characters are considered the minimum for a very secure password.
- A final note on storage: As tempting as it is, do not write down passwords or save them in a file on your computer. If you have trouble remembering all the complex passwords that you use on the internet, store them in a secure encrypted place.
Password managers offer a secure, convenient way to store your passwords, and all you need to do is remember your one complex master password. Some of these products can be configured for 2-factor authentication. There are many available — LastPass, Password Safe and 1Password, to name a few — and they can be found easily by searching the Internet.
Strong, confidential passwords are a first line of defense against cyber-security threats. For more information about online security, visit the Department of Homeland Security’s Stop Think Connect Resource Guide.
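
One way to turn the random, complex and long criteria above into an automated check, as an added example that is not from the original post: `check_password`, its `personal_info` parameter and the sample passwords are assumptions made here. It undoes the 1-for-I and $-for-s substitutions before comparing, so a family name written with those substitutions is still flagged.

```python
import string

# Substitutions the article mentions (1 for I, $ for s), undone before
# comparing against personal details so "$m1th" still matches "smith".
UNDO_SUBSTITUTIONS = str.maketrans({"1": "i", "$": "s"})
MIN_LENGTH = 10  # the article's minimum length


def _letters_and_digits(text):
    """Lower-case, undo the substitutions, keep only letters and digits."""
    normalized = text.lower().translate(UNDO_SUBSTITUTIONS)
    return "".join(c for c in normalized if c.isalnum())


def check_password(password, personal_info=()):
    """Return a list of policy violations; an empty list means it passes.

    personal_info is a hypothetical parameter: names, birthdates, addresses
    and similar strings the employee must not build a password from.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Complex: all four character classes must be present.
    classes = {
        "lower-case letter": any(c.islower() for c in password),
        "upper-case letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]

    # Random: no personal detail may appear, even with substitutions applied.
    squeezed = _letters_and_digits(password)
    for item in personal_info:
        token = _letters_and_digits(item)
        if len(token) >= 3 and token in squeezed:
            problems.append(f"contains personal detail {item!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords and personal details, for illustration only.
    details = ["Smith", "1984-05-12"]
    for candidate in ["starwars", "$m1thFamily2014", "Twinkle,Tw1nkle-L1ttle$tar"]:
        print(candidate, "->", check_password(candidate, details) or "passes")
```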