Compromised credentials are one of the biggest factors in lateral movement during a breach. It's important we're thinking about how we protect our passwords. Here are some tips to help you manage your passwords more effectively.
While lists like the top 20 worst passwords of 2018 are rather amusing, we must understand that passwords remain a big problem in cybersecurity, both for employees outside the IT department and maybe even for those within it.
Here are three of our top password management and security tips for individuals. The first tip deserves special emphasis for companies.
1. Use a Password Manager
It does not matter what password manager tool you use. It's just important that you're using a password manager at all. These allow you to configure unique passwords for each service you use while only needing to retain one "master password."
2. Never Re-use Passwords
We get it. In today's day and age there is a password for everything, and they can be very difficult to remember, unless you use the same password for everything.
Using the same password for multiple services exposes your data to unnecessary risk. If an attacker were able to compromise your Facebook password, it's not really a big deal. But if that also happens to be the password for your bank account, then you see an exponential increase in risk. Instead, use a password generator to create strong, complex passwords that are unique to each service.
3. Change Passwords Regularly
Some password managers have a password aging function which alerts you to change your password at a defined interval. Best practices suggest users should change their passwords every 90 days, as part of their personal security plan.
And no, do not put your new password in the Notes section of your phone. A password manager may be an even easier tool to use than scrolling through the Notes on your phone.
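Tips 2 and 3 can be checked mechanically. The following is an added example, not part of the original post: it audits a list of vault entries for reused passwords and for entries older than 90 days, and generates a random replacement. The entries are constructed, and the field names (`service`, `password`, `changed`) are assumptions rather than any password manager's real export format.

```python
import hashlib
import secrets
import string
from collections import defaultdict
from datetime import date

MAX_AGE_DAYS = 90  # rotation interval from tip 3

# Constructed sample entries; the field names are assumptions, not a real export format.
VAULT = [
    {"service": "facebook", "password": "Summer2018!", "changed": date(2019, 1, 5)},
    {"service": "bank", "password": "Summer2018!", "changed": date(2018, 6, 1)},
    {"service": "email", "password": "q7#Vd9!xLr2@Tz5m", "changed": date(2019, 2, 20)},
]


def find_reused(entries):
    """Return groups of services that share one password (tip 2)."""
    groups = defaultdict(list)
    for entry in entries:
        # Group on a digest so the report never carries the plaintext.
        digest = hashlib.sha256(entry["password"].encode("utf-8")).hexdigest()
        groups[digest].append(entry["service"])
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


def find_stale(entries, today, max_age_days=MAX_AGE_DAYS):
    """Return services whose password is older than the rotation interval (tip 3)."""
    return sorted(e["service"] for e in entries
                  if (today - e["changed"]).days > max_age_days)


def generate_password(length=20):
    """Draw a replacement from the OS CSPRNG, requiring every character class."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


if __name__ == "__main__":
    today = date(2019, 3, 1)  # fixed date so the constructed sample is reproducible
    print("reused:", find_reused(VAULT))
    print("stale: ", find_stale(VAULT, today))
    print("replacement length:", len(generate_password()))
```

Run it only against an export held in memory or on an encrypted volume, since a plaintext export on disk undoes the protection the password manager provides.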