Good Password Policy

Good Password Policy May Not Be Sufficient

It is a fact that complex passwords are not that strong as most people think. It is estimated that 80% of cyber breaches are due to weak passwords, potentially putting businesses at risk of losing millions. Password security depends on making cyber security a bigger issue because every individual who has a work or private internet account has a password and most of the personal and company data is now hidden behind them. Good password policy may not be sufficient but it helps reduce the cyber breaches if individual or organization takes care of the password management.

This makes an organization’s cyber security dependent on its rank-and-file employees because every staff member with a password to access corporate systems or data is potentially a weak link in the organization’s cyber security chain.

Never treat your passwords as traditional keys. People don’t make multiple copies of keys so that they can leave anywhere, likewise passwords should be taken care and should stop writing down passwords on bits of papers and throw them away.

Passwords are sometimes made so complex that owners can’t remember them, sometimes lost or not updated. Most of the companies believe that a good password alone cannot be enough to protect their data and systems against intruders.

 

>> READ MORE:   Risks of Shadow IT in Financial Services Firms

So How Can You Infer That Password Is Perfect?

  • Strong Password: The secret to the strong password is neither the longest one nor the most complicated one, but the password which is personal to the user can be remembered easily, where user don’t have to write it down

 

  • Simplifying Password Management: Formula-based (algorithm) based passwords have many advantages over traditional passwords. These algorithm-based passwords are personalized to each employee to login with Special characters, Numbers (employee ID) which makes them easy to remember

 

  • Under Organization’s Control:  password vaults centralize the whole process of creating and updating passwords which enables organization to take control of Cyber Security. These password vaults also help in identifying the strongest password, recent password changes as well as failed login attempts

 

  • Two-Factor Authentication: organizations must use the two-factor authentication to increase the number of hoops a potential attacker has to jump through. Should also use air-bridge or gapping mechanisms to ensure different devices and networks are isolated and have different “ratings” of security depending on the sensitivity of the data or system

To Know More about Two-Factor Authentication: click here

 

>> READ MORE:   Top 3 Insights Into The Impact Of Shadow IT

Ref: 

https://www.computerweekly.com/opinion/Security-Think-Tank-A-good-password-policy-alone-is-not-enough

www.securenvoy.com/two-factor-authentication/what-is-2fa.shtm

FREE Breach Risk Assessment Report