We all know that strong passwords are key to maintaining your IT security. One of the reasons that hackers were able to break into the Sony Pictures system so easily was that vast numbers of employees used easily guessable passwords such as “password” and “s0ny123”.
Even better, someone had very kindly written them all down and saved them in a document called “passwords”. There’s nothing like making a hacker’s job easy for them.
The best passwords are at least eight characters long; 12‒14 is preferable. They contain a mix of lower and upper case letters, numbers, and special characters.
They do not use real words that appear in a dictionary, or obvious dates or sequences of numbers. (According to 2012 data from SplashData, the second and third most popular ‒ and therefore worst ‒ passwords in use were “123456” and “12345678”.)
You use a different password for each application or service, and you change them all regularly. Oh, and you always ignore that helpful little box that pops up and asks, “Would you like to save the password for xxx?”
But back to the real world, where every retail site, hobby forum, and app insists that you log in, and it is simply not humanly possible to remember that number of randomly generated, long, and complicated passwords. So what do you do?
At First Line IT, we’ve put together some practical password guidelines that you can use at home and at work to keep your systems secure, while not spending all your time trying to remember multiple random strings of letters, numbers, and special characters.
1. Use unique and very strong passwords for your business network, your bank, and any other websites or apps that connect with your financial or other confidential data – or where a hack might pose a reputational risk, such as your email or social media accounts.
Never, ever allow your computer system to save these passwords, and always make sure that you log out of the systems when you have stopped using them, or even if you just step away from your desk. Most of these types of systems will log you out automatically after a few minutes of inactivity, but it’s better to do it yourself.