Using a strong and effective password in the office is like wearing the safety clothing of the digital world.
The human brain, however, is not programmed to remember strong passwords, nor to keep in mind a different complex password for each account.
On the contrary, it is programmed to act quickly and impulsively.
For this reason, we tend to think that it is better to use simple passwords to avoid forgetting them, even at the expense of company data security.
Attackers often gain access to networks through weak or stolen passwords; in fact, 80% of breaches occur within web applications used by users who fall victim to phishing attacks.
The problem can be mitigated through some behaviors that, over time, could become part of the corporate culture. Four recommendations follow.
1 – Disposable passwords
- Use disposable passwords for free trial accounts, newsletter subscriptions, or last-minute discounts.
- If these passwords are stolen or these accounts are hacked, critical information will not be lost.
- For these accounts, you could use a short password consisting of a simple word and a special character, for example Freddy123!
- Never use this password for any other account again.
2 – The passphrase
Four- or five-character passwords are vulnerable. Experts recommend passwords of at least 12 characters.
A passphrase is longer than a single-word password, but easier to remember.
Avoid overly simple phrases such as song lyrics, for example wewillrockyou, wearethechampions or somebodytolove. A good example would be: Iw@nt 1990tobr£@kfr££!
3 – The pattern password
If you have several social media accounts, you can use a password that follows a pattern that is easy to remember and contains words, numbers and special characters. The ideal is then to reuse the same pattern, varying a word or a single character for each account. For example: Instagram – urBIANCO! @9am&18pm, Facebook – urrVERDE@9am&18pm, LinkedIn – urrrROSSO! @9am&18pm.
Some companies ask their employees to change passwords every 90 days. In this case:
- Do not use the four seasons to align with the required update periods. For example: Primavera2023!, Estate2023!, Autumn 2023!, Winter 2023!
- Do not use common special characters like !, – or +. Prefer less common symbols.
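The rules from sections 2 and 3 can be checked automatically, for instance when a user picks a new password. The following Python sketch is an added example, not part of the original article; the function name `audit_password`, the finding labels and the lyric deny-list (limited to the three phrases quoted above) are assumptions made for illustration.

```python
import re

MIN_LENGTH = 12                # minimum length recommended in section 2
COMMON_SYMBOLS = set("!-–+")   # symbols section 3 says not to rely on
# Season name (Italian or English) followed by a year, e.g. Primavera2023!
SEASON_YEAR = re.compile(
    r"(?:primavera|estate|autunno|inverno|spring|summer|autumn|fall|winter)"
    r"[^a-z0-9]*(?:19|20)\d{2}"
)
# Constructed deny-list: only the lyric examples quoted in the article.
LYRICS = ("wewillrockyou", "wearethechampions", "somebodytolove")


def audit_password(password):
    """Return a list of rule violations; an empty list means none found."""
    findings = []
    lowered = password.lower()
    compact = re.sub(r"\s+", "", lowered)      # "Autumn 2023!" -> "autumn2023!"
    letters = re.sub(r"[^a-z]", "", lowered)   # letters only, for lyric match
    symbols = {c for c in password if not c.isalnum() and not c.isspace()}

    if len(password) < MIN_LENGTH:
        findings.append("too-short")
    if SEASON_YEAR.search(compact):
        findings.append("season-year")
    if any(lyric in letters for lyric in LYRICS):
        findings.append("known-lyric")
    # Flag passwords whose only special characters are the common ones.
    if symbols and symbols <= COMMON_SYMBOLS:
        findings.append("common-symbols-only")
    return findings


if __name__ == "__main__":
    # Sample inputs are the example strings used in the article.
    for sample in ("Primavera2023!", "Autumn 2023!", "wewillrockyou",
                   "Freddy123!", "Iw@nt 1990tobr£@kfr££!"):
        print(f"{sample!r}: {audit_password(sample) or 'no findings'}")
```

Freddy123! is flagged as too short, which matches its intended use for disposable accounts only.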
4 – Two-factor authentication
Two-factor authentication is recommended for more sensitive accounts, such as bank accounts, business emails, and file sharing software. The most widely used methods are confirmation by SMS or email, biometric recognition or tokens, and authenticator apps such as Google Authenticator or Microsoft Authenticator. Combining two-factor authentication with a complex passphrase significantly reduces the likelihood of a potential attack succeeding.