Unauthorized access is a major potential problem for any organization that uses computers and internet devices to store data, including customer personal information, company accounting files, and other sensitive information. It can result in monetary losses and even identity theft of a customer whose bank account and personal information are stored within the company database system. Passwords are essential to information security, so it’s important to learn ways to create a strong password that is hard to decipher.
Choosing a Password
When creating a password, individuals often think of something that is easy to remember, which usually results in one that is easy to guess. Password reuse can also be a problem when an employee uses the same passwords for multiple programs. The key is to create a challenging password that is hard to decipher but not so difficult that it is hard to remember. Instead of having employees think of their own passwords, consider using a password generator, which is a software program that creates a random string of letters and numbers that can be nearly impossible for a hacker to figure out.
If you prefer to create your own password, increase password security by selecting one that is complex, random and long. To do this, consider turning a short sentence or phrase into a random string of letters and numbers. For example, use “On7hreS@y Ch33z” instead of “On Three Say Cheese.”
Additional Password Creation Guidelines
Other guidelines to keep in mind when creating a password include:
- Passwords should contain at least 10 characters and have a combination of characters, numbers, and uppercase and lowercase letters
- Use intentional misspellings
- Never use the same password twice or for more than one device
- Avoid automatic logins
Another option to increase password security is to enable multi-factor authentication (MFA). This process uses more than one method to verify a user’s identity.
Typically, there are three ways to authenticate an employee’s identity. These methods include a password or PIN, some type of ID card, and a biometric, such as a fingerprint, facial image, voice recognition, or retina scan.
Large companies often implement identification badges that allow them to assign individual access to certain areas of a building, specific equipment or individual rooms. This cuts down on the number of unauthorized individuals who have access to sensitive information.
Implementing Multi-Factor Authentication
One way to implement multi-factor authentication is through a single-use passcode. A user logs into the program or site, and upon recognition, the program allows the user to choose between an email code or an SMS code (depending on how the database is set up). Most one-time use codes must be used within a given amount of time. The code is entered into the program, which further verifies the identity of the user.
Intuit uses multi-factor authentication across all of its products to protect your account information. Other tools to assist with multi-factor authentication setup include:
- CA Strong Authentication
- Okta Verify
- Quest Software Defender
- RSA Authentication Manager
Passwords are serious business. By creating strong passwords, you increase the security of your customers’ information and your business’ sensitive data to safeguard against loss.