Why should you be creating strong passwords
Weak and ineffective passwords are at the root of up to 80 percent of cyber-attacks. Yet, many people continue to exercise poor judgment when it comes to securing their data and payment systems. They continue to use default passwords, reuse credentials for different systems or users, and show a lack of importance when it comes to creating unique passwords.
Some good rules of thumb are:
Be careful what you share
Scammers can usually find out enough about you and your business online to crack a carelessly planned password. The prime offender is the information you share on social media sites. For example, instead of simply posting your age, do you list your actual birth date? Bad actors know that the names of pets, children and even the address of your previous residence are all commonly used to create passwords as well as answers to online security questions.
So watch what you reveal online. Set the controls on your social media accounts so that only users authorized by you can read personal data. Security settings often change, so review your account and privacy settings on a regular basis.
Your password isn’t as uncrackable as you think
If bad actors can’t crack your password by finesse, they usually resort to brute force. There are a number of programs that run through every single word in the dictionary (plus proper names) until your password is cracked. In this case even words like the names of movie or TV characters can be deciphered. The same goes for for predictable word or number patterns like aaabbb, qwerty or 321123.
So it is recommended to make passwords long, random and memorable. You should be thinking more in terms of “pass phrases." instead of "Pass words." Here’s a great example: Tp4tci2s4U2g! (The password for (4) this computer is too (2) strong for you to (4U2) guess!) This password gets its strength from multiple words, random punctuation, random capitalization and random simple substitutions. It’s harder to crack, but easier to remember.
Passwords Don't Age Well
Even the best passwords can be compromised. Often times, users share passwords with coworkers or can be tricked into revealing their passwords (e.g., phishing scams). External servers that store passwords may be compromised revealing passwords to bad actors. To limit the usefulness of compromised passwords, most cyber security providers strongly suggest that passwords be changed every 30 to 90 days.
This does not mean simply swapping passwords among accounts. Reusing passwords can possibly give access to one account from another. It is equally important to immediately change any password if you suspect it may have been compromised or a theft attempt has been made.
When chaniging passwords, you should not make small changes to an existing password — for example, changing from userpassword1 to userpassword2 is not recommended and both passwords are very poor anyways.
Put technology to work when it comes to beefing up password security. Consider using sites such as Strong Password Generator to generate a truly random password. Or, use a site such as Microsoft's Secure Password Checker to evaluate your password strength.
Likewise, take some of the effort out of password security by utilizig a password manager. Instead of having to remember a number of long, complicated passwords, you can create one very strong password to log into the password manager allowing you access to all your passwords. A couple well-reviewed ones are LastPass and Roboform.
Establish a Company-Wide Password Policy
And finally, you should consider establishing a company-wide password policy that guides your staff in using passwords correctly. Provide the guidance from this page to your employees showing them how to create strong passwords and how often passwords should be changed. Stress why strong passwords matter to them and to your organization.