10 tips for managing your own passwords

Security must be careful, even if it is not convenient

The password technology itself has a fatal defect, which is true. But for most enterprises, they are the best choice. In fact, everyone can manage their passwords more effectively.
Password security has always been a problem, unless it can be replaced by a technology similar to biological checks in the future-and this is the direction that industry technology is currently working on. Before that day, we 'd better cultivate a security culture to manage our passwords more effectively.

 

1. Do not write the password on paper

If someone feels incredible about this, as long as we are still talking about password management, we have to put this article as the first point.

If you have told the staff why they can't do this, but the staff still write their passwords, either your system is too complicated or you have too many requirements on them. Companies must maintain a balance between security and ease of use, because if they do not understand the latter, it is easy to undermine the former.

Therefore, you must confirm that your employees have received the correct password security education. If you need to revise your password policy, please refer to the following measures.

2. You must set a password.

When you saw the first article, did you think it was too obvious? However, if you see that many systems only use the default built-in password, such as "password", "changeme", or other similar words, but do not modify or set the password, you will not be surprised.

3. Reduce the password as much as possible

Pay attention to maintaining a balance between the number of passwords and manageability. Determine which network system software requires the highest priority. If employees have to remember 10 passwords, which correspond to the data from the highest secret to the most junk, they may not be able to remember them all at all.

Who can ensure that the password he wrote down and lost is not the most secret?

4. Employees must change their passwords on a regular basis

This article limits the dangers of Old passwords that colleagues had known each other. At the same time, it also closed the "window of opportunity" for those who accidentally fell into the hands of the old password ".

How long it takes for employees to change their passwords depends on how you balance security with ease of use. If employees are asked to change their passwords once a week, they can easily confuse them and finally have to write them down with a pen. In fact, the password change interval-such as the comparison of 90 days and 30 days-proves that the longer the validity period of the password, the more people remember the complex password, the more people take care of the password.

5. New passwords must be replaced

Do not change the password directly from the old one, especially the one that only changes one letter. It is easy to guess the password changes like RandomW0RD1, RandomW0RD2, and RandomW0RD3.

6. Do not use common words

Common words should not be used in passwords, so as to avoid being cracked by dictionary attacks (the so-called dictionary attack means that all words are automatically read from the dictionary using software, and test the correct password one by one ). Names, addresses, or other words that are easy to think of should also be disabled. Many employees prefer to use their own names, partners' names, or pet names as passwords, which requires sufficient attention.

7. The password should be long enough-but not long enough

A password must contain at least eight characters including uppercase and lowercase letters and numbers. If the password length is too long, employees may be too reluctant to remember it, so that they can use repetitive letters or common strings, such as "ABCDEFG123456789.

In fact, giving employees a minimum length and a reasonable upper limit will help them develop their ideas. One suggestion is that short sentences are better than words. For example, mYd0g1sCALLEDf1d0 is much harder to guess than "fido. Repeat this step again to create a safer password.

8. automatically force password change

Employees should be automatically required to change and select a secure password. Do not expect employees to remember the last time they changed their passwords, the passwords they used in the past few years, and the words they used cannot be used in the passwords. This is not a matter of trust or failure. This is a historical issue and tells us that policies are never attached to choices.

9. Education Staff

Ensure that password policies are written into employment contracts and that all employees understand why this is necessary. Optimistically, if other measures are effective, the most serious ones may be able to meet the requirements. do not disclose the passwords to each other or write them down. These terms will also prevent password duplication between services-especially between the enterprise's internal and external. A company's login may be more confidential than a newspaper subscription login, which can be shared with friends or family members.

10. looking into the future

Finally, pay attention to the long-term solutions that may replace passwords-such as biometric technology and two-factor authentication. The password is flawed, and the recommended technique is to make the password more secure-at least it looks safer now.