Password Best Practices for Your Roanoke and Richmond Businesses
June is Internet Safety Month. Of course, when you're in the IT Business, internet safety is never far from your thoughts…but to celebrate this festive season, we're going to give you our top tips for password best practices that you should be using for your Roanoke or Richmond Business (or any business!)
If you're not already following these guidelines, it's time to establish a policy and maybe call your local IT consultant.
Use Password Best Practices
Does anyone like typing in a 16-character password and memorizing a new one for every site? Probably not. But is it a necessary part of internet safety? Absolutely.
It's also tempting to ignore the character guidelines for capitals, lowercase, symbols, letters, and numbers, but again, complexity makes hacking more difficult.
Hackers use software to perform a brute-force attack, which involves trying every random letter and number combination until they get it right.
They can guess most seven-character and under passwords instantly. If you used only numbers, they could guess a 12-character password in under a minute. Every rule you follow to improve your password makes it harder to brute-force crack, so your IT consultant isn't just being annoying—they're looking out for your best interest.
Change Your Passwords Regularly
You're not going to like this, but ideally, you should change your password every three months. Naturally, when you understand brute-force attacks, it's easier to understand why. Even if it takes five years for software to guess a password (which is true for 10-character passwords with numbers, upper and lowercase letters, and symbols), if you take that long to change your password, you will eventually be hacked.
And while memorizing is challenging, with password managers so readily available, there's really no excuse anymore. At AesirTech, we’re personally big fans of Keeper, a software we can sell and install for you to make your experience easy and seamless.
Pick Unique Passwords
It's tempting to use the same password (or a similar one with variations) across multiple sites, but this puts you at a much greater risk of getting hacked because once someone breaks your password, they've broken all of them.
And picking a word like your name but adding the website's name will not cut it! That's the first combination any worthy hacker will try.
Beware of Phishing
Phishing is the process that scammers use to get your private information so they can access your account. They'll often do this by impersonating a company and then asking you for information about your account with that company. Most frequently, this is done with banks and other money-making sites, but no company is immune.
Phishing perpetrators are very effective at making their emails look like they're really coming from the company they're impersonating. However, there are often signs if you know where to look. Don't click on a link to put in your password. Instead, always go directly to the website's login page.
Phishing is not exclusive to passwords, but it's one of the pieces of information that nefarious actors will try. No reputable company will ask you to share your password in an email. On the off chance that you are working with a company you know that asks you for it, you should explain to them why it's not safe. Link to this blog if you like!
Always use password best practices, and you'll be on your way to a safe relationship with the internet. Tune in next month for more internet safety tips, and contact us if you've already compromised your computer's safety.