How to create strong passwords to protect you, your business

Posted by David Pollino
Security

An interesting report from the Pew Research Center came out at the end of April, which showed that only 39% of Internet users changed their passwords or closed accounts after hearing about the Heartbleed security flaw.

Given that the overriding security message was for people to change passwords in the wake of the Heartbleed incident, I thought I’d talk about the importance of strong passwords and how business owners can take some simple steps regarding passwords to protect their businesses.

Password policy: If your business doesn’t already, you should create a written password policy to help ensure employees don’t get careless about password protection. A basic policy should include:

  1. A requirement that employees change their passwords on a regular schedule — say every 90 days or every six months.
  2. Protocols to ensure strong passwords — such as requiring the use of special characters (*+%#!), lower and upper case letters, and numbers. A good password is random, complex and long (10 characters, at least).
  3. Clear instructions to keep passwords confidential.

Automated password updates: Most information technology systems have a security setting that can require a password change on a set schedule — every 90 days, for example. Rather than just encouraging your employees to update their passwords regularly, you can configure your workplace computers, network, and cloud services to ensure users change passwords on a consistent schedule.

Password tips: Basic principles for strong passwords are that they’re random, complex and long. What does that mean?

  1. Random. Don’t use family names, birthdates, addresses, or other common information in your passwords. Last year I was part of a TV interview segment from Bay Area consumer affairs reporter Michael Finney, and he suggests in this clip a few ideas, like stringing together song lyrics, or memorable lines from movies, or movie or book titles.
  2. Complex. A movie or book title alone is random, but not complex. So you should use a combination of upper-case letters, lower-case letters, numbers, and symbols. A good trick is to use the number 1 in place of the letter I or “$” in place of the letter s.
  3. Long. Ten characters are considered the minimum for a very secure password.
  4. A final note on storage: As tempting as it is, do not write down passwords or save them in a file on your computer. If you have trouble remembering all the complex passwords that you use on the internet, store them in a secure encrypted place.

Password managers offer a secure, convenient way to store your passwords, and all you need to do is remember your one complex master password. Some of these products can be configured for 2-factor authentication. There are many available — LastPass, Password Safe and 1Password, to name a few — and they can be found easily by searching the Internet.
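The policy rules and tips above (at least 10 characters, all four character classes, no personal information) can be checked and satisfied automatically. The following Python code is an added example, not part of the original article; the function names, the sample passwords, and the choice to accept any ASCII punctuation as a "special character" are assumptions.

```python
import secrets
import string

# Values from the article: at least 10 characters, with lower case,
# upper case, numbers and special characters such as *+%#!.
MIN_LENGTH = 10
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    # Assumption: any ASCII punctuation counts, not only the article's *+%#!
    "special character": string.punctuation,
}


def policy_violations(password, personal_info=()):
    """Return the reasons a password fails the policy (empty list = pass)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    # "Random": reject passwords built on names, birthdates, addresses.
    lowered = password.lower()
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append(f"contains personal information: {item}")
    return problems


def generate_password(length=16):
    """Generate a random password that satisfies every rule above."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        # secrets draws from the OS CSPRNG; retry until all classes appear.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for pw in ("Jordan1985!", "casablanca", generate_password()):
        print(repr(pw), policy_violations(pw, personal_info=("Jordan", "1985")))
```

A generated password like this is meant to be stored in a password manager rather than memorized.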

Strong, confidential passwords are a first line of defense against cyber-security threats. For more information about online security, visit the Department of Homeland Security’s Stop Think Connect Resource Guide.
