No matter how much people hear “data safety,” they still can get sloppy about their cybersecurity. One of the reasons is that there are so many constant reminders that the warnings just become that much more background noise. Today, let's do a quick review of the one you hear most about ( and most likely to forget about) Passwords.
As annoying as they are (and who doesn't doest curse them sometimes) passwords are a basic and necessary evil to protect access to your data. One of the root innovations that helps sidestep the tedium of entering ( and remembering ) passwords are facial recognition and fingerprint security measures. These can be a real timesaver, but they aren't readily available across every site and device. So that leaves us with the question, what are the best practices for maintaining strong passwords and defending multiple sites, programs or devices (also known as “ good password hygiene’’)?
Maintaining password best practices
Simple passwords, with nothing but regular vocabulary words (even in other languages) are easily cracked. Most sites generally require mixed case, alphanumeric and a symbol or two for it to be an approved password. Here are a few things to remember.
- Avoid using the same password across multiple sites or devices.
- Don’t share your passwords with co-workers, no matter how convenient or timesaving it may be
- Don’t send passwords ( or any critical personal data, for that matter) via text or email.
- Don’t save them on a device in an unencrypted file
- Remember to change them periodically
- Be sure that access to files is removed immediately when an employee leaves an organization or no longer has need to access particular programs, data or machines
Related to the password method of maintaining data security, multi-factor authentication is becoming increasingly popular and is often required by some organizations. Basically, this takes the password idea and adds another layer to ensure that the correct user is entering the password. Your ATM is an example of MFA. Just a password isn't enough at the ATM--you have to have your ATM card also. Most of us know MFA through the request to enter a one time code that is sent to us, on a different platform, after we enter our usual password. Again the idea here is that even if a password is stolen, a second form of identification is required to ensure the correct person is gaining access. NOTE: A common form of MFA is to send a text message to your phone. Be aware that if you leave the country and don't buy a text package for your phone, you may not be able to access some sites that use this form of MFA.
In short, we hear most about password safety, but because it can be such a pain to change them, we open ourselves and our business to data vulnerability. Contact Strategic Technology Associates for ideas to improve your data security.