Menu

What’s the best way to change your passwords?

You change your clothes. You change your oil. Make sure you also change your passwords.

 

An alert appears on your computer: It's time to change your password again. Sigh. Fine. You plan to switch from password4! to password5! and...

Hold on a moment.

Regular password changes are important to prevent unauthorized access even if someone obtains your login details. However, simply making a small alteration or adding a digit to an existing password makes it easy for hackers to crack the new one using a "brute force" attack.

So, what's the best way to keep your passwords strong? Here are some tips:

Establish a password refresh policy for your company.
Regardless of your business's size, it's crucial to have a policy in place for creating and updating passwords. For example, avoid using common words found in the dictionary. Prohibit the use of identical character sequences from previous passwords. Ensure each password is unique and not one that has been used for a different system. Educate your team about good "password hygiene" and the risks associated with weak changes or reusing passwords, which can compromise both your organization and your users' personal accounts.

Change your passwords regularly.
The frequency of password changes depends on the criticality of the system. Passwords for accounts with administrative privileges (allowing users to make system or account changes) should be updated more frequently since unauthorized access to admin accounts can have severe consequences. We recommend changing these passwords every 90 days. Passwords for less critical systems can be changed every 180 days, but it's still important to update them regularly.

Keep in mind that these timeframes apply if you have a password management system that automatically generates strong passwords. If you rely on users to choose their own passwords, more frequent changes should be required.

Using a password management system is highly recommended. It allows you to set expiration dates for passwords, prompting users to change them before regaining access to a system.

Even with automatic expiration, inform your users that they don't have to wait for the scheduled date to change their passwords—sooner is better!

Change passwords immediately if they're shared or compromised.
While the general rule is not to share passwords, if you absolutely must share one, change it as soon as the other user is finished. Even with good intentions, they might have inadvertently exposed it or stored it in an unsecured location, making it vulnerable to malicious actors. Additionally, in cases of a known or suspected breach, promptly change any affected passwords.

By following these three principles—establishing a policy, regularly changing passwords, and responding to shared or breached passwords—you'll significantly enhance the security of your information.

If you'd like to learn more about password management for your business, feel free to reach out to us.

Westway IT

Westway IT Ltd: Registered in England & Wales, Company Number: 11341592
Registered Office: Westway IT Ltd, The Glen, Millend, Blakeney, Gloucestershire. GL15 4ED
© Copyright 2018 - 2024 Westway IT Ltd | Search | Sitemap | Business Terms | Update Cookie Preferences