The 2024 Guide to Building Better Passwords

In the wake of major data breaches like MGM, Uber and others, it’s clear that poor password hygiene remains a systemic issue. With cyber threats on the rise, now is the perfect time for individuals and organizations alike to reassess their authentication practices and prioritize security. Follow this New Year’s guide to implementing robust passwords and account protection in 2024.

Length, Length, Length

When creating passwords:

? Aim for at least 12-14 characters; 20+ for privileged accounts

? Mix upper and lower case letters with numbers and symbols

? Avoid sequences or repetitive characters

Longer, more complex passwords are exponentially harder for hackers to crack through brute guessing attempts.

Expiration Dates Are Key

? Change passwords every 60-90 days for most accounts

? Set more frequent renewal periods for accounts with sensitive access

? Prompt users well ahead of deadlines to update credentials

Regular password changes are crucial to thwart unauthorized access before leaked data can be exploited.

Ban the Basics

? Maintain and update blacklists of easily guessed passwords

? Immediately reject choices like “Password123” or other obvious combinations

? Enforce password generators for greater randomness

Preventing predictable passcodes shuts down the easiest route to account takeover.

Double the Protection with MFA

? Enable multi-factor authentication across all accounts

? Back up passwords with verification codes sent over SMS, calls or apps

? Consider FIDO standards for passwordless authentication

MFA ensures passwords alone can’t fully compromise accounts even if phished or stolen.

Guard Against Password Harvesting

? Institute login alert features signaling suspicious activity

? Mask password fields during entry

? Limit failed login attempts to deter guessing

Defending against phishing and minimizing invalid logins curbs password exposure risk.

Creating Stronger Password Policies for the New Year

Hindsight is 20/20 when it comes to major cyber incidents, with weak authentication often identified post-mortem as a contributing weakness. Rather than waiting for disaster to strike, use the momentum of 2024 to implement safer identity and access foundations proactively.

Start by auditing current password policies against guidance from respected industry bodies like NIST, ISO or CIS. Identify gaps representing risk – say, lack of multifactor authentication or password blacklisting – to target for improvement right away. Updating programs will vary by company size and industry compliance needs, but the key is starting now even if phasing-in elements over time.

Specifically for cybersecurity teams, a 2024 New Year’s resolution to overhaul password controls and broader identity frameworks is time very well spent. Promoting enhanced personal password hygiene – no more flimsy “dog123” standbys! – across organizations is also vital for risk reduction wins.

Rather than remain reactive, work with us to benchmark existing protocols against best practices, locate vulnerabilities and budget for essential upgrades.

What we can do?

? Rapid baseline testing displaying policy strengths vs shortcomings

? Data-backed guidance tailored to your tech stack and use cases

? Easy-to-execute roadmaps to drive adoption of priority safeguards

? Help in setting up MFA and educate your employees

? Ongoing visibility into identity program maturity and real risk levels

Cyber threats will inevitably continue growing in sophistication and frequency. But implementing robust, risk-appropriate authentication controls makes harmful incidents far less likely while enabling easier damage control if breaches ever occur.

Contact Sennovate today to schedule a demo and password policy gap assessment. Let us help your organization start 2024 off right with identity and access foundations built to withstand intensifying threats.