T2022_20 How to Maintain Password Hygiene in Your Company (14th October 2022) 

What exactly is password hygiene? 

Password hygiene refers to the process of making sure passwords are unique, challenging to guess, and difficult to crack. It is a set of rules and principles that, when followed correctly, can help keep your passwords safe from cybercriminals. 

How are passwords stolen?

Let's look at some of the most common ways for someone to steal your password: 

- Predicting

If your password is personal to you, someone who knows you may be able to figure it out. If you share details such as your name or birthday on social media, someone who follows you may be able to guess your password from the information on your profile.

- Using brute force

A brute-force attack occurs when a computer program rapidly runs through all possible password combinations until it finds the correct one. The more characters in your password, the more difficult it is to crack. A long password that includes uppercase and lowercase letters, symbols, and numbers is inherently more secure than a short one.
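To make the length-versus-character-set point concrete, the following Python script is an added example, not part of the original CIRT advisory. It computes the search space an exhaustive attack must cover, the equivalent entropy in bits, and the time to exhaust that space at an assumed guess rate. The character-class sizes follow Python's string module (26 lowercase, 26 uppercase, 10 digits, 32 punctuation symbols) and the rate of ten billion guesses per second is an illustrative assumption, not a figure from the advisory.

```python
import math
import string

# Constructed character-class sizes; the symbol count follows string.punctuation (32 characters).
CHARSET_SIZES = {
    "lower": len(string.ascii_lowercase),   # 26
    "upper": len(string.ascii_uppercase),   # 26
    "digit": len(string.digits),            # 10
    "symbol": len(string.punctuation),      # 32
}

# Assumed offline guess rate (10 billion/s) for illustration only; real rates depend on the hash.
DEFAULT_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600


def character_classes(password: str) -> set:
    """Return the set of character classes a password actually uses."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("symbol")
    return classes


def keyspace(length: int, classes) -> int:
    """Number of candidates an exhaustive search must try for this length and alphabet."""
    alphabet = sum(CHARSET_SIZES[c] for c in classes)
    if alphabet == 0 or length <= 0:
        return 0
    return alphabet ** length


def entropy_bits(length: int, classes) -> float:
    """Entropy in bits, assuming every character is chosen uniformly from the alphabet."""
    space = keyspace(length, classes)
    return math.log2(space) if space > 0 else 0.0


def years_to_exhaust(length: int, classes, guesses_per_second: float = DEFAULT_GUESSES_PER_SECOND) -> float:
    """Worst-case years to try every candidate at the given guess rate."""
    return keyspace(length, classes) / guesses_per_second / SECONDS_PER_YEAR


def assess(password: str) -> dict:
    """Summarise a single password's length, classes, entropy and exhaustive-search time."""
    classes = character_classes(password)
    return {
        "length": len(password),
        "classes": sorted(classes),
        "bits": round(entropy_bits(len(password), classes), 1),
        "years": years_to_exhaust(len(password), classes),
    }


if __name__ == "__main__":
    # Constructed sample passwords to compare policies; none are real credentials.
    for sample in ["summer", "Summer2022!", "correct-horse-battery-staple", ""]:
        print(sample or "<empty>", assess(sample))
    # Length dominates: 16 lowercase letters out-space 8 characters from all four classes.
    print("16 lowercase bits:", round(entropy_bits(16, {"lower"}), 1))
    print("8 mixed bits:", round(entropy_bits(8, set(CHARSET_SIZES)), 1))
```

Run it as-is to print a comparison table; the assess() function can also be dropped into a password-policy check that rejects candidates below a chosen bit threshold.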

- Social engineering

Social engineering is the practice of convincing people to reveal sensitive information. For example, attackers can send an email containing an urgent message, falsely claiming to be from a bank. To entice you to click the malicious link, the email may request that you confirm your password due to suspicious activity on your account. When you click on the link and enter your password, you have unknowingly given the attacker your credentials.

- Breach of data

If a website suffers a data breach, your personal information could be exposed. Change your password immediately if you discover that your information has been compromised. Remember that if you use the same password on multiple websites, cybercriminals may use the leaked password to log into your other accounts. Therefore, it is critical to use a different password for each website.

Five password hygiene practices 

  1. Make use of two-factor authentication.

Two-factor authentication, or 2FA, is an additional layer of security beyond a username and password that helps protect online accounts. To ensure that only the right person can access the account, the user is usually sent a one-time password by phone or email.

  2. Passwords should not be reused.

Using the same password for multiple accounts may be convenient, but it makes it easier for cybercriminals to gain access to several accounts if they break into one. You should use a different password for each account.

  3. Do not mix personal and professional emails.

You should not use the same email account for business and personal use. If a cybercriminal cracks your password and gains access to your email account, the result can be massive data loss.

  4. Use a password manager.

A password manager helps you create strong passwords and stores them all in one encrypted location. Password managers are an excellent organizational tool that allows you to practice better password hygiene.

  5. Cycle frequency should be reviewed.

IT professionals recommend that people update their passwords every three months. However, if you suspect you have been the victim of a cyber-attack, you should change your password right away. The goal is to ensure that if a password is compromised, a cybercriminal can only remain in the hacked account for a short period of time.

The Guyana National CIRT recommends that users and administrators review these recommendations and implement them where necessary.    
