Don’t Overlook the Importance of Password Protection

Greg Wilson, Head of Information Security
August 8, 2018

Because of growing concern about hacking and fraudulent schemes in the technology we use every day, the importance of password protection is something all businesses, and all individuals, should understand and apply.

There are multiple tactics businesses can employ to help keep login information and accounts safe and to reduce the likelihood of becoming victims of stolen information, stolen money or identity theft.

Use complex password construction.
There should always be a minimum length for a strong password (eight characters is a standard requirement), and you want to make sure there is complexity in your password. Typically, you will be required to use a combination of three of the following four: uppercase letters, lowercase letters, numbers and symbols. Avoid using common terms or information about yourself that is commonly known (such as your favorite color or your pet’s name) as a password.

Use two-factor authentication.
While adding a second level of authentication creates an extra step in the log-in process, it helps to mitigate the possibility of passwords being compromised and someone accessing your personal or client information. Two-factor authentication requires users to present two credentials before logging in to their systems or accounts, as an extra measure of verifying their identity: their usernames and passwords (something you know), plus either something you have (a code sent via text or email) or something you’re identified by (a fingerprint).

Regulate password policy.
In order to ensure extra protection when logging in, many systems require you to change your password at a certain frequency, often every 90 days. Doing so can help to lessen the chance of a hacker holding on to stolen passwords and accessing your information. Corporations often have a maximum password age of 60 days for administrative or privileged accounts because there is potential for a greater amount of damage in the event of a breach. There should also be requirements that prevent users from using the same password again. If an individual is able to use the same password over and over again and that password is ever compromised, the likelihood of a system being breached increases. However, if there is a password history requirement in place, users are forced to use different passwords than they’ve used in the past, thus lowering the chances of a system breach as a result of compromised passwords.
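
As an added example (not part of the original article and not 1st Global's code), the complexity, password history and maximum-age rules described above could be checked like this in Python. The history depth of five, the PBKDF2 settings and all function names are assumptions; previous passwords are kept only as salted hashes, never in plain text.

```python
import hashlib, hmac, os, string
from datetime import timedelta

MIN_LENGTH = 8                                      # article: eight characters
REQUIRED_CLASSES = 3                                # article: three of four classes
MAX_AGE_DAYS = {"standard": 90, "privileged": 60}   # article's figures
HISTORY_DEPTH = 5                                   # assumption: remember last five
PBKDF2_ROUNDS = 100_000                             # assumption

def hash_password(password, salt=None):
    """Return (salt, digest) so the history never holds plain-text passwords."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def character_classes(password):
    """Count how many of the four character classes the password uses."""
    return sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])

def in_history(password, history):
    """Re-hash the candidate with each stored salt and compare in constant time."""
    recent = history[-HISTORY_DEPTH:]
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in recent
    )

def check_new_password(password, history):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if character_classes(password) < REQUIRED_CLASSES:
        problems.append("needs 3 of 4 character classes")
    if in_history(password, history):
        problems.append("reused from password history")
    return problems

def is_expired(last_changed, account_class, now):
    """True when the password is older than the maximum age for its account class."""
    return now - last_changed > timedelta(days=MAX_AGE_DAYS[account_class])

if __name__ == "__main__":
    history = [hash_password("Winter2018!")]        # constructed sample value
    print(check_new_password("Winter2018!", history))
```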

Don’t save user credentials.
Different Internet browsers (e.g., Google Chrome) often ask if a user would like to save his or her password when logging in to various sites. Never store your username or password in web forms or on webpages.

Don’t share or write down passwords.
Giving other individuals your personal login credentials increases the chances that your information could be compromised. You are the only one who should know your passwords. Additionally, writing this information down could also lead to unauthorized access of your personal information if it’s more easily available. If your password must be stored on your mobile device or in a file on your computer, please ensure you encrypt the information.

Use a variety of passwords.
It’s best to use different passwords for different accounts or at least for different classes of accounts (e.g., work, finances, shopping, social media, etc.). If the password for each account or class of accounts is the same, then once one account is compromised, it’s easier for the others to be compromised as well.

If you forget your password, or if someone is trying to log in as you, most systems have a lockout feature that will lock the account after a given number of attempts. The account will remain locked for a period of time (e.g., 30 minutes) or until an administrator resets it. Always change your password if you suspect it has become known by another individual.

While resetting and changing passwords can seem like tedious tasks, they are necessary extra steps toward ensuring your business, personal and financial information is not stolen.



Greg Wilson is head of information security at 1st Global. Greg works to ensure 1st Global affiliate advisors, staff and systems are abiding by and adopting best practices in order to keep information secure.
