Password Protection Policies and Why Op3N$3saM3 Isn’t a Good Password

Stop and think about how many passwords you use for all your apps, sites, and systems. Bet you didn’t realize how many there were. Recently I had to write down all my passwords and there are over 60 password protected sites that I use. What’s even crazier is that out of those 60 sites, most of my passwords are an iteration of each other. That means that if someone gets one of my passwords, they could probably clean out my bank account. Password protection policies are put into place for a reason, and today I am going to not only give you the basics of password protection but a few rules of password safety that you will thank me for later.

Password Protection 101

Password protection is now more important than ever. In today’s world of hackers and phishing emails, setting a guideline for yourself that accounts for these threats is vital. For instance, if you click ‘Remember Password’ on your computer, it takes only that initial password for someone to access all your sites and data, and you are completely exposed.

The first step in password protection is to stay away from the top 10 most used passwords.

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567
  8. sunshine
  9. qwerty
  10. iloveyou

The list above might seem obvious, but you should also not use your name, date of birth, children’s names, your address or your social security number. In today’s world with Social Media profiles and the ability to search for a person on Google, it has become far too easy to find out all that information.

Recently, I spoke with an online security expert and he explained that all passwords of eight characters or fewer have been hacked or can be automated and applied to any username where the system doesn’t have a lockout feature. The lockout feature is when you enter your password wrong three or more times and the system locks you out, sometimes for an hour and sometimes until you reset your password. What does this mean? It means that password protection needs to be taken a step further.

Tips on Setting the Right Password

1. Make your passwords at least 10 characters. Before you start to roll your eyes at me, hear me out. Depending on who you listen to, it takes 25 times of doing something before it is committed to memory so this will take some practice, but it is worth your time if it keeps your important information safe and secure.

2. Adopt passphrases instead of passwords. Combining numbers and symbols to create stronger passwords was a great idea at one time, but it hasn’t taken criminals long to catch on to the practice of substituting an ‘e’ with a ‘3’ and an ‘s’ with a ‘$’. Because attackers now try these substitutions, passwords built this way are no longer effective. The US National Institute of Standards and Technology (NIST) recommends creating long passphrases that are easy to remember but difficult to crack.

According to Special Publication 800-63, Digital Identity Guidelines, a best practice is to create passwords of up to 64 characters that include spaces. Compare the strength of a password like ‘Op3N$3saM3’ to a passphrase like ‘correct seed bagel open’. NIST found that longer passwords take on average three days to crack, while a passphrase would take 550 years to hack.

3. Use password generator tools. There are lots of great tools that you can now use, and in fact, if you use Chrome, it will automatically suggest passwords that are 10 characters or longer. There are plenty of free password generator tools out there, and here are a few that I prefer.

  1. Norton Identity Safe Password Generator
  2. Strong Password Generator
  3. Last Pass
  4. MSD Services Password Generator
  5. Safepasswd
  6. Random Password Generator

4. Keep your passwords locked up and in a safe place. I know what you are all thinking: if I have these complicated passwords, I will never remember them! So you might be thinking you will just jot them down in the notes on your phone. Phones are just as easy to break into, even with the face recognition feature, so I recommend using a password manager tool.

A password manager keeps all your passwords under one encrypted (and password-protected) roof. It generates strong passwords for you and automatically inserts them when you log into different sites. It can even store payment information to simplify online shopping. If you think a password management tool won’t offer you sufficient password protection, most password managers employ multi-factor authentication, so access to your credential vault is granted only with both a correct password and a correct authentication code. Most password management tools are a paid service, but it’s well worth it to keep all your important data safe.

5. Use a different password for every login. This might make you groan out loud, but the password generator tool and the password manager tool make that easy to accomplish.

Password Protection for Your Customers

This isn’t going to be a full-fledged security document, but if you are a software company, like StratusVue, with an online platform, it’s even more important that you have policies in place to ensure password protection for your customers. Here are some tips to ensure that your users’ info is kept safe.

  • Create a password blacklist – ask your IT team to enable a group policy or blacklist of the simple passwords that are not allowed.
  • Use two-factor authentication whenever possible or available.
  • Require that all systems you use or implement encrypt the passwords.
  • Verify that secure connections are used for all web apps. That means you should never use a password on a site that doesn’t have the lock or the ‘https’ for secure transport of data.
  • Protect accounts of users with elevated permissions.
  • Make sure the password to your backup is different than your other passwords. Having quick access to your data in an emergency is super important and that all starts with solid password protection policies.
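
As an added example (not code from the original post or from StratusVue), here is a sketch of a server-side check that combines the blacklist tip with the minimum length, the 64-character limit and the ‘3’-for-‘e’ substitutions discussed earlier. The function names, the substitution table and the `opensesame` blocklist entry are assumptions made for illustration.

```python
import unicodedata

# The post's top-10 list plus one constructed entry ("opensesame");
# a production blocklist would be far larger.
BLOCKLIST = {
    "123456", "password", "123456789", "12345678", "12345",
    "111111", "1234567", "sunshine", "qwerty", "iloveyou",
    "opensesame",
}

# Common character substitutions, undone before the blocklist lookup
# (assumed table; extend as needed).
LEET = str.maketrans({"3": "e", "$": "s", "0": "o", "1": "l",
                      "@": "a", "4": "a", "5": "s", "7": "t", "!": "i"})

MIN_LEN, MAX_LEN = 10, 64  # lengths taken from the post


def normalize(password):
    """Case-fold and undo substitutions: 'Op3N$3saM3' -> 'opensesame'."""
    folded = unicodedata.normalize("NFKC", password).casefold()
    return folded.translate(LEET)


def check_password(password, personal=()):
    """Return a list of policy problems; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append("too short")
    if len(password) > MAX_LEN:
        problems.append("too long")
    plain = unicodedata.normalize("NFKC", password).casefold()
    canon = plain.translate(LEET)
    # Check both forms: all-digit entries such as 123456 only match
    # before substitution, disguised words only after it.
    if plain in BLOCKLIST or canon in BLOCKLIST:
        problems.append("blocklisted")
    # Names, birth dates and similar details supplied by the caller.
    squeezed = (plain.replace(" ", ""), canon.replace(" ", ""))
    for item in personal:
        token = item.casefold().replace(" ", "")
        if token and any(token in s for s in squeezed):
            problems.append("contains personal info")
            break
    return problems
```

Spaces are left intact, so a passphrase such as ‘correct seed bagel open’ passes while ‘Op3N$3saM3’ is rejected as a disguised blocklist entry.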

The goal is to keep your and your users’ information safe and secure. Implementing these tips and tricks will help. Do you have any password protection policies or solutions you like to use? Leave them in the comments!

This post originally appeared on StratusVue.
