9 Rules For Strong Password Creation


September 3, 2021

Do your employees know how to create a strong password? Is password management a priority at your company?

If you’re answering no to either question, you could be placing your organization at serious risk. Why? Because guessing employee passwords is one of the key ways hackers try to get into your organization. It’s one of the things they try first, before they graduate to more complicated schemes like phishing or link baiting. The reason is obvious. An employee password is like a golden ticket giving cyber criminals full access to anything they’d like in your network—admin codes, customer data, competitive information, and a whole lot more.

Here’s how easily a hacker can implement one of these password scams. Imagine, for a moment, that a hacker has obtained an employee email address off your website, or through a mailing list, or through some kind of hack. All they have to do is find the link to your employee log-in page. If that employee has an easily guessed password like “password” or “myname123,” a hacker can literally walk right through the front door of your network, completely undetected.

Password management is simply job #1 for your company, your IT department, and your employees, every day.

Password Rules: A Few Simple Standards

Fortunately, password rules are simple and easy to teach, and the rules for your organization don’t have to be complicated. They’re so simple, in fact, that our nine rules form an acronym—GET STRONG.

G – GET RID OF PASSWORDS WRITTEN ON PAPER. Lost or misplaced sticky notes are a boon to thieves.
E – ESCAPE COMPLEXITY. Even though the password rules may be complicated, try to create passwords so they are easily remembered.
T – TEACH EMPLOYEES. Make sure all employees know and follow password rules and requirements.
S – SIZE MATTERS. Longer passwords are harder to hack, so all passwords should be a minimum of 8 characters. System passwords should be between 12 and 50 characters in length.
T – TRUST NO ONE. Add authentication processes to logins, such as Google Authenticator, Duo, RADIUS tokens, or other 2-factor options.
R – ROTATE OFTEN. Users should change their passwords every 90-180 days.
O – OMIT DUPLICATES. Never use the same password across multiple applications, systems and accounts.
N – NO CHEATING. Disable password hints.
G – GET A VAULT. Store passwords in secure, encryption-enabled vaults such as 1Password.

More Resources on Passwords and Cybersecurity

Password rules are the first steps in protecting your data, files and devices from unauthorized access. But there’s more to know. Check out our password security tips in our Two-Factor Authentication ebook. We’ve also just written a blog about the latest in password encryption, Single Sign-on authentication, and how it can hack-proof your organization. And of course, one of the best things you can do for your company’s security is to move your operations to the cloud. We can help you do a deep dive on the modern workplace journey to the cloud, with our website resources. Read all about it!

Susan Gosselin is a Senior Content Writer for Integris. A career communicator and business journalist, she's written extensively on IT topics and trends for IT service providers like Iconic IT and ProCoders Ukraine, as well as business publications such as Technologyadvice.com, Datamation.com, The Lane Report and many others. Connect with her on LinkedIn.
