A series on password policies
We’re all creatures of habit. We tend to eat at the same restaurants, sit in the same spots, and place the same dinner orders. Researchers have found that these autopilot responses can be helpful. They free our minds to focus on more important decisions.
So it’s no surprise that we’re creatures of habit when it comes to passwords too. We tend to use the same password for all of our accounts. And we don’t change that password. It becomes as comfortable and familiar as our favorite spot at dinner.
The problem is that running on autopilot isn’t helpful when it comes to passwords. It’s actually quite harmful. Given enough time, cyber criminals will crack your old, familiar password. And then they’ll use it to expose all of your accounts.
So it doesn’t matter how sophisticated your organization is. Your company is filled with creatures of habit who will default to an old, familiar password given the chance.
That’s why it’s important to enforce password history as part of your password policies. Password history determines the number of new passwords that must be used before you can return to an old password. In other words, it forces you to change your password habit.
There are three things you should do when it comes to this policy.
Assess your password history.
Get a free access rights assessment by a credible cyber security company. They’ll check out the configurations of your password history and the rest of your password policies. Then they’ll check everything else that could undermine the security of your organization.
Remediate your password history.
Implement a cyber security plan to protect your data, including enforcing password policies. This involves setting your password history to the maximum setting of 24.
Monitor your password history.
Keep an eye on password history to make sure old habits don’t creep in. For example, a policy alone isn’t enough to prevent criminals from cracking this series of passwords: TimSmith1, TimSmith2, TimSmith3 . . . . Continually educate your people on the importance of strong passwords and remain alert to any weaknesses in your system.
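The following is an added example, not code from the original article or from Blue Lance. It shows a password-change check that keeps a 24-entry history and also rejects a candidate that differs from a remembered password only by its trailing counter, which is the TimSmith1, TimSmith2 pattern described above. The function names, the PBKDF2 parameters, and the size of the counter window are assumptions of this example.

```python
import hashlib
import hmac
import os
import re

HISTORY_LIMIT = 24  # history depth the article recommends

def _hash(password: str, salt: bytes) -> bytes:
    # Assumed parameters; the iteration count is kept low so the demo runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def remember(history: list, password: str) -> None:
    """Store a salted hash and keep only the newest HISTORY_LIMIT entries."""
    salt = os.urandom(16)
    history.append((salt, _hash(password, salt)))
    del history[:-HISTORY_LIMIT]

def _variants(candidate: str) -> set:
    """Near-duplicates of the candidate that differ only in a trailing counter."""
    out = set()
    m = re.fullmatch(r"(.*?)(\d+)", candidate)
    if m:
        stem, digits = m.groups()
        n = int(digits)
        out.add(stem)  # counter dropped entirely
        # Neighbouring counter values, e.g. TimSmith3 -> TimSmith1 .. TimSmith5
        for k in range(max(0, n - 2), n + 3):
            out.add(f"{stem}{k}")
            out.add(f"{stem}{k:0{len(digits)}d}")  # preserve zero padding
    out.discard(candidate)
    return out

def check_new_password(history: list, candidate: str) -> str:
    """Return 'ok', 'reused' or 'incremented' for a proposed new password."""
    # Only hashes are stored, so variants are derived from the plaintext
    # candidate at change time and each one is hashed against the history.
    for salt, stored in history:
        if hmac.compare_digest(_hash(candidate, salt), stored):
            return "reused"
    for salt, stored in history:
        for variant in _variants(candidate):
            if hmac.compare_digest(_hash(variant, salt), stored):
                return "incremented"
    return "ok"

if __name__ == "__main__":
    history = []  # constructed sample history
    for old in ("TimSmith1", "TimSmith2"):
        remember(history, old)
    for new in ("TimSmith2", "TimSmith3", "correct horse battery staple"):
        print(new, "->", check_new_password(history, new))
```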
It’s natural that people cling to habits. But when it comes to protecting your corporate data, you must do the uncomfortable thing and demand change.
Umesh Verma is the award-winning CEO and driving force behind Blue Lance, the global provider of cybersecurity governance solutions. For more than 25 years, Blue Lance’s automated software solutions have been protecting digitally managed corporate assets by assessing, remediating, and monitoring security of information systems. Call Blue Lance at 1-800-856-2586 for your 25-point Access Rights Assessment, or get social with us on LinkedIn, Facebook, or Twitter.