With all the passwords we are asked to use every day, we end up creating a single one that opens the door to every site or piece of information we need, and that is where the danger lies. Needless to say, hacking does not only happen to others, and securing your company’s passwords is a strategy you must master. Before you find yourself facing a problem that is not only time-consuming but could also jeopardize your business, here are a few tips for securing your passwords.
Tip 1: Diversify your company’s passwords
Never use the same password twice for personal use, and even less so in a company. What could be simpler than trying a password that has been found on all of the company’s accounts? Each account should have a different password.
Tip 2: Make the password more complex
Yes, it’s true: a simple password is easy to memorize without having to look it up in a diary, reminder or similar each time you use it. Still, it is recommended that you follow these rules, according to the CNIL website:
Rule n°1: 12 characters
“A secure password must have at least 12 characters. It can possibly be shorter if the account offers additional security features such as locking the account after several failures, a character or image recognition test (“captcha”), the need to enter additional information communicated by a means other than the Internet (example: an administrative identifier sent by the Post Office), etc.”
Rule n°2: numbers, letters, special characters
A password must be composed of four different types of characters: upper case, lower case, numbers, and punctuation marks or special characters (€, #…).
Rule n°3: an anonymous password
A password must be anonymous: it is very risky to use a password with references to your personal life because it would be easily guessed.
Rule n°4: renew passwords
On sites where you have stored sensitive data, remember to change the password regularly: every three months seems to be a reasonable frequency.
Tip 3: Limit the number of people who have access to passwords
Passwords should not circulate freely in the company. Select the employees who really need them, and do not pass the passwords around.
Be careful! Never send your passwords by e-mail, file export, or any other means via the Internet. If this data is unencrypted or poorly encrypted, it can easily be recovered by hackers.
Tip 4: Use a notebook or a reminder to store them
Write down your passwords in a notebook. It is then up to you to be vigilant in keeping this notebook out of sight of everyone in the company.
Be careful! Avoid writing them down in a file on your computer or cell phone, because a breakdown would be enough to lose everything.
You can also choose to write them down on different media to avoid gathering all the information in one place.
Tip 5: Choose the right email or phone as your password safe
Carefully choose the e-mail address that you associate with your accounts. It is always possible to make a password recovery request, and if the request ends up at an e-mail address that your employees can read, the new password can easily be distributed.
It is up to you to apply these different tips to be sure to secure your professional passwords as well as possible.
To protect your information, it is necessary to choose and use strong passwords, i.e. passwords that are difficult to find using automated tools and difficult to guess by a third party.
Here are some recommendations from ANSSI (National Agency for Information Security):
“Use a unique password for each service. In particular, the use of the same password for both your professional and personal email accounts should be avoided;
Choose a password that has no link with you (password composed of a company name, a date of birth, etc.);
Never ask a third party to generate a password for you;
Always change default passwords as soon as possible when systems contain them;
Renew your passwords with a reasonable frequency. Every 90 days is a good compromise for systems containing sensitive data;
Do not store passwords in a file on a computer that is particularly exposed to risk (e.g. online on the Internet), and even less on paper.”