From company email accounts to secure areas of enterprise systems such as servers and file-sharing platforms, passwords are a ubiquitous tool for enhancing security. To protect the integrity and security of the data and internal controls that typically sit behind these personal credentials, passwords must always be strong and remain private. In this blog, we’ll look at some vital policies that every business should consider when using passwords in 2022.

Password strength

Passwords must be strong enough that they cannot be easily cracked or guessed by a malicious actor. They should never feature personal information such as the name of a pet, child, spouse, TV character or sporting team.

Passwords should be at least eight to 12 characters long. To ensure that passwords are difficult to work out but possible to remember, the National Cyber Security Centre (NCSC) advises creating credentials by combining three words that are not associated with one another.

Issuing and using passwords

To avoid staff choosing credentials that are easy to remember but simple to guess, secure passwords should be issued to them by IT security. To mitigate the risk that passwords have been shared with others, these credentials should be changed on a regular basis. Additionally, if an employee leaves the company, their passwords and access rights should be revoked immediately.

Protecting against brute force attacks

Hackers use cracking software to guess passwords and break into accounts. To defeat this tactic, firms should limit how many unsuccessful login attempts are allowed. The government-backed Cyber Essentials scheme advises that companies allow a maximum of 10 unsuccessful attempts before lock-out is enforced.
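As an added illustration of the lock-out rule above (example code, not from the original post or any Galaxkey product), the following Python tracks unsuccessful attempts per account and refuses further logins once the Cyber Essentials limit of 10 is reached. The 15-minute lock-out duration, the demo account and the PBKDF2 credential store are assumptions made for the example.

```python
import hashlib, hmac, os, time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

MAX_FAILED_ATTEMPTS = 10  # Cyber Essentials figure quoted above
LOCKOUT_SECONDS = 900     # assumed lock-out duration; the page does not specify one

@dataclass
class _State:
    failures: int = 0          # consecutive unsuccessful attempts
    locked_until: float = 0.0  # epoch seconds; 0 means not locked

class LoginThrottle:
    """Counts unsuccessful attempts per account; `verify` is the caller's credential check."""

    def __init__(self, verify: Callable[[str, str], bool],
                 max_failures: int = MAX_FAILED_ATTEMPTS, lockout: int = LOCKOUT_SECONDS):
        self._verify, self._max, self._lockout = verify, max_failures, lockout
        self._accounts: Dict[str, _State] = {}

    def attempt(self, user: str, password: str, now: Optional[float] = None) -> str:
        """Returns 'ok', 'denied' or 'locked'; a locked account is refused before the credential check."""
        now = time.time() if now is None else now
        st = self._accounts.setdefault(user, _State())
        if st.locked_until > now:
            return "locked"              # guessing cannot continue during the lock-out
        if st.locked_until:              # earlier lock-out has expired: start counting afresh
            st.failures, st.locked_until = 0, 0.0
        if self._verify(user, password):
            st.failures = 0              # a successful login clears the counter
            return "ok"
        st.failures += 1
        if st.failures >= self._max:
            st.locked_until = now + self._lockout
            return "locked"
        return "denied"

# Constructed demo credential store: per-user salted PBKDF2 hashes, no plaintext kept.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

_salt = os.urandom(16)
_USERS = {"alice": (_salt, _hash("correct horse battery", _salt))}  # demo account only

def _check(user: str, password: str) -> bool:
    rec = _USERS.get(user)
    return rec is not None and hmac.compare_digest(rec[1], _hash(password, rec[0]))

throttle = LoginThrottle(_check)
```

Unknown usernames are counted too, so an attacker cycling through guessed account names gets no more attempts than a real user would.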

Multi-factor authentication (MFA)

MFA allows enterprises to add an extra layer of security to company accounts. There are many different types of MFA that firms can deploy, but the principle remains the same: a user needs not only their password but a second proof of their identity, which mitigates account hacking.

A simple option is a code sent via SMS to their smartphone which they must enter before access is granted. Unless an attacker has both the user’s password and personal device, they will be unable to get into the account.

Another option is using biometric data such as a fingerprint or retina scan. The benefit of this option is that users do not need to have their smartphone with them to access an account, and poor signal reception, which could delay an SMS code, will not hold up productivity.

Stay secure with Galaxkey

At Galaxkey, our secure system stores no passwords, so your credentials are never left vulnerable to attackers. Additionally, it has no backdoor for hackers to exploit and is equipped with powerful security tools to keep your employees and the data you use and store safe.
From electronic document signing that allows you to securely sign important contracts in minutes to robust end-to-end encryption that ensures the privacy of your information, our suite of tools is second to none. Contact us today for a free two-week trial.