MotherG regularly reviews our best practices to ensure we’re providing the experience our clients desire. Recently we updated our security section, specifically password policies. We are frequently asked, “What’s the best password policy for my business?”
There are a thousand articles and a thousand blogs on how to create a strong password. People get too bogged down in the nitty-gritty here. Truth is, the difference between a 7-character password and an 8-character password is nominal anyway, from a hacker’s perspective. A typical 7-character password with 1 number would take around 11 minutes to crack, with an 8-character password taking roughly 7 hours (courtesy of https://howsecureismypassword.net/, a great site for additional information). Either way, the password is broken overnight. If you focus on other aspects of the password policy though, like the number of failed login attempts allowed before an account is locked out, or how often the user has to change their password, you can add further layers of security to your network.
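To put numbers on the lockout point above, here is an added example (not part of the original article) that compares worst-case exhaustive-search time with and without an account lockout policy. It assumes a 36-symbol alphabet (a-z, 0-9), back-derives a guess rate from the 11-minute figure quoted above, and uses a constructed policy of 5 attempts per 30-minute lockout.

```python
# Added example: worst-case exhaustive-search time with and without lockout.
# Assumptions (not from the article): 36-symbol alphabet, a guess rate
# back-derived from the quoted "11 minutes for 7 characters" figure, and a
# constructed lockout policy of 5 failed attempts per 30-minute lockout.

ALPHABET = 36  # assumed: lowercase letters plus digits


def keyspace(length, alphabet=ALPHABET):
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet ** length


def unthrottled_seconds(length, guesses_per_second):
    """Worst-case time to try every candidate with no rate limit."""
    return keyspace(length) / guesses_per_second


def lockout_seconds(length, threshold, lockout_minutes):
    """Worst-case time when every `threshold` failures trigger a lockout."""
    if threshold < 1:
        raise ValueError("threshold must be at least 1")
    batches = -(-keyspace(length) // threshold)  # ceiling division
    # The final batch does not have to wait out another lockout.
    return (batches - 1) * lockout_minutes * 60


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 365 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


# Guess rate implied by the article's 7-character figure (11 minutes).
RATE = keyspace(7) / (11 * 60)

if __name__ == "__main__":
    for n in (7, 8):
        print(f"{n} chars, no limit:", humanize(unthrottled_seconds(n, RATE)))
        print(f"{n} chars, 5 tries per 30-minute lockout:",
              humanize(lockout_seconds(n, 5, 30)))
```

Lockout only throttles guesses made against the live login service; it does nothing for a stolen password database that is being cracked elsewhere, which is where the unthrottled figures apply.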
Security is only as good as the weakest link, which is typically the user. Make password policy requirements too lax, and people will keep the same bad password indefinitely. Make them too stringent and people will write them down on a post-it and stick it to their monitor.
The really important thing though is to ensure that the users understand the importance of passwords. Be careful when you type your password that no one is watching. Never hint at your passwords, or at the way in which you create them. Sure, your co-worker might not care, but what about the guy delivering lunch, or the maintenance man? Company passwords should be treated with the same importance as credit card information, or a safe’s combination. Companies like www.knowbe4.com specialize in employee training around this type of thing, and that training could be the biggest step in security that your small to medium business can take. Or just ask MotherG – we’re here to help.
For a good visual of password creation techniques, follow this link: http://xkcd.com/936/