Many organizations require mandatory password changes, consider this is best practice in security. However, this might not be the case anymore and there are many pros and cons to this practice. For those has been changing the password regularly, maybe it’s time for you to have a look having your password changed often makes sense and when it does not, and for who has done little on securing the password what should you do next.
Let’s get started with a strong password
Using a strong password is the most important thing you can do to help keep your account secure. Here are a few tips on how to create a strong password:
- Use combination of letters, numbers and symbols if permitted
- At least eight characters long.
- Never use names of spouses, children, girlfriends/boyfriends or pets.
- Never us your phone numbers, ID numbers or birth dates.
- Never use the same word as your log-in, or any variation of it.
- Never use dictionary words.
- Avoid using the same password for all your accounts
Enforce Password duration policies but wait…
Many companies enforce their users to update their password every few months, it limits the usefulness of the stolen password. If your password has been stolen and you weren’t aware of it, the hacker could eavesdrop for an unlimited time and gather all sorts of information about you slowly or laboriously and cause damages to you. Thereby, for the last decades, many security policies have recommended frequent password updates.
But it might now be outdated policy to recommend and it’s highly debatable that updating password frequently does actually increase security.
Updating your passwords often has become a waste of time?
A study from Microsoft found that mandatory password updates cost billions in loss of productivity for little payoff insecurity and some other security resources point out that the security best practice is doing little security improvement but causing a lot of frustration. End of the day, users typically end up choosing or resorting to sticky notes and any form of easier and quicker ways to access their “secure” password but could actually increase “risk”.
Experts pointed out that in many cases today hackers or attackers won’t be passive. If they get your account login, they probably won’t wait and hang around for months but likely they will access your account right away. In some cases, the hacker might be sticking around eavesdropping, not using your password but with installed backdoor access instead.
The next thing you would do to reduce your risk is to reduce the password update duration. But hold your horses, hackers have machines that can break 348 billion NTLM password hashes a password encryption algorithm used in Windows per second and any 8 character password could be broken in 5.5 hours, and if your account is being targeted, what makes you think that reducing the password update duration would possibly reduce your risk? It’s not possible and not worth doing this crazy event that kills your brain cells on a daily basis.
Good reason to beef up your security with Two Factor Authentication
Two-factor authentication is one of the best things you can ensure your account doesn’t get hacked and invest less time and frequency updating your password, eventually less hassle and frustration. It’s more important and above that, you choose a unique and strong password for your accounts. Two-factor authentication is a simple feature that asks for more than just your password. It requires both something you know and something you have in personal belonging like a cell phone. After you enter your password, you will get a second code sent to your phone or an application like google authenticator generates 2-step verification codes on your phone, only after you enter it will get into your account and keeps unwanted snoopers out of your online accounts.
At Vastspace, apart from the encryption layers on all our web channels for communications with clients. Our client portal is installed with Two Factor Authentication if you have an account with us follow this guide to enable it now.