BLOG POST

4 Tips to Make Passwords Easier

April 29, 2021
Reading Time: 2 mins
Author: Katherine Spanner

The purpose of a password is to protect sensitive data from unauthorised access.

For a long time, to keep up this protective layer, we have advocated that employees create ever more complex passwords and change them even more often.

This is now wrong! What is the point of a password system if it makes employees' lives even more complex and no longer even provides proper protection? Most current password practices were designed for a different age and are no longer fit for purpose. One enormous lesson that the COVID pandemic has taught us is that the work environment is now totally different:

  1. Systems and data used to be accessible only in a single office, on a single device, on a single network, where we could easily identify the trusted people.
     • Now, many (unseen) people work on many (known and unknown) devices on many networks on many different systems at many locations – how do you know what to trust?
  2. Cybercrime is now super-industrialised, which means old defences are easily and cheaply beaten. Bad actors can profitably target individuals, let alone small businesses.
     • Attacks will happen – so you need to contain and limit the spread and damage that will occur.

However, Human Nature is unchanged:

The more rules, complexities and changes you introduce, the more people will try to find an easy way around them:

  • Use the same passwords for every system – once known, access everything!
  • Predictable changes in passwords (e.g. !Password1 just changes to !Password2, etc.)
  • Use the same special characters all the time ("!" at start / end, "$" for "s", "@" for "a", "1" for "l", etc.)


The new Best Practice Password System:

  1. Introduce 2-Factor Authentication for all systems (e.g. a separate notification on your smartphone to make sure it's you).
  2. Passwords should be a short phrase (not a single word) that contains no personal information and is easy to remember – e.g. the first few words of your favourite song.
  3. Use a password management system so you can easily have different passwords for every system without having to remember them.
  4. Introduce risk-based protection / analysis:
     • Automatically report / block any logins from locations you will never travel to.
     • Automatically restrict what unknown devices can do with your data – e.g. if a device is unmanaged, don't allow edits / downloads, etc.
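As an added illustration of tip 4 (not code from the original post), here is a small policy evaluator for sign-in events: it blocks logins from countries outside an assumed allow-list or without a second factor, and restricts unmanaged devices to read-only access. The country list, the action sets and the sample sign-ins are all constructed for this example.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed policy values for this example; a real deployment would take
# these from the organisation's identity provider rather than hard-code them.
ALLOWED_COUNTRIES = {"GB", "IE"}            # where staff actually travel
UNMANAGED_ACTIONS = frozenset({"view"})     # read-only for unknown devices
MANAGED_ACTIONS = frozenset({"view", "edit", "download"})


@dataclass(frozen=True)
class SignIn:
    user: str
    country: str          # geolocated from the source IP
    managed_device: bool  # enrolled in device management?
    mfa_passed: bool      # second factor satisfied?


def evaluate(event: SignIn) -> tuple[str, frozenset[str]]:
    """Return (decision, permitted actions) for one sign-in.

    Hard blocks come first (impossible location, missing 2FA), then the
    least-privilege restriction for unmanaged devices, then full access.
    """
    if event.country not in ALLOWED_COUNTRIES:
        return "block", frozenset()          # tip 4: impossible location
    if not event.mfa_passed:
        return "block", frozenset()          # tip 1: 2FA on every system
    if not event.managed_device:
        return "allow", UNMANAGED_ACTIONS    # tip 4: no edits / downloads
    return "allow", MANAGED_ACTIONS


def triage(events: list[SignIn]) -> dict[str, list[str]]:
    """Group users by decision so blocked sign-ins can be reported."""
    report: dict[str, list[str]] = {"block": [], "allow": []}
    for event in events:
        decision, _ = evaluate(event)
        report[decision].append(event.user)
    return report


# Constructed sample sign-ins (not real log data).
SAMPLE_EVENTS = [
    SignIn("alice", "GB", managed_device=True, mfa_passed=True),
    SignIn("bob", "GB", managed_device=False, mfa_passed=True),
    SignIn("carol", "US", managed_device=True, mfa_passed=True),
    SignIn("dave", "IE", managed_device=True, mfa_passed=False),
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(e.user, *evaluate(e))
```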

If you do this, then:

  1. Passwords can stay small – around 8 characters in length
  2. Passwords rarely need changing at all (every 12 months or only if a breach is suspected)

Even better, with the right computer equipment, you can now get rid of passwords altogether when using a trusted device. Your employees will really appreciate the difference, and your security will now actually work!

If you need help, feel free to give us a call; we're happy to lend our expertise to your organisation.
