Password policies have been changing to keep up with developments over the past few years. Computer processing speeds have increased, which makes cracking passwords easier. Hackers are better at the psychological side of tricking users into revealing their passwords. “Best practices” are always reacting to the latest environment, yet many companies and users alike have been stuck using outdated guidelines.
Here are our latest password best practices for business:
- Use standalone or integrated password testing tools to check password quality, instead of relying on rules that require complex combinations of letters, numbers and symbols.
- Allow passwords to be at least 64 characters long, rather than limiting length to 8-10 characters.
- Stop forcing regular password changes, as most users only alter existing passwords incrementally, which makes for a weak password.
- Forget using hint questions for password recovery since social media and a lack of data privacy help hackers easily find the answers.
- Encourage the use of password managers, and allow copy & paste in the data entry fields.
- Turn on multi-factor authentication (MFA) to add another layer of protection by confirming logins (55% of respondents don’t even use two-factor authentication at work).
And some password best practices individuals should be using:
- Never give away your login or password.
- Stop using the same password for different accounts.
- Create passwords that are at least 16 characters long.
- Use a phrase or sentence rather than a single word, and add symbols throughout.
- Don’t use any personal information, such as a birthday, pet name, maiden name, etc.
- Store all passwords in a password manager.
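
As an added example (not part of the original post), here is one way a sign-up form could test password quality along the lines of both lists: no character-class rules, long passphrases accepted, common passwords and personal details rejected. The blocklist is a constructed sample, and `check_password`, its parameters and the 128-character ceiling are assumptions.

```python
import re

# Constructed sample; a real deployment would load a large list of
# breached and commonly used passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}
MIN_LENGTH = 16    # minimum suggested in the list for individuals
MAX_LENGTH = 128   # assumption: any ceiling must be 64 or more
# Undo the usual letter substitutions: @->a, 4->a, $->s, 5->s, !->i, 1->i, 0->o, 3->e
LEET = str.maketrans("@4$5!103", "aassiioe")


def _variants(password):
    """Forms of the password to compare against the blocklist and personal data."""
    lowered = password.lower()
    core = re.sub(r"[\d\W_]+$", "", lowered)  # drop trailing digits and symbols
    return {lowered, core, core.translate(LEET)} - {""}


def check_password(password, personal_info=()):
    """Return the reasons to reject a password; an empty list means accept.

    personal_info holds strings the service knows about the user
    (username, pet name, birth year, ...).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(password) > MAX_LENGTH:
        problems.append("too long")
    variants = _variants(password)
    if variants & COMMON_PASSWORDS:
        problems.append("common password")
    for item in personal_info:
        token = item.lower()
        # Very short tokens would match by accident, so skip them.
        if len(token) >= 3 and any(token in v for v in variants):
            problems.append("contains personal information")
            break
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd2024", "violet tractor sings under seven copper moons"):
        print(repr(candidate), check_password(candidate) or "accepted")
```

Because the check never trims or rewrites the input, passwords pasted from a password manager are evaluated exactly as entered.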