Passwords at Work: Best Practices

More Than a Key for Passwords at WorkProtect your business network, customer information, and employees by training staff on the best practices for passwords at work. According to Bloomberg BusinessWeek, passwords that only contain six lowercase letters take a hacker around ten minutes to break. Simply adding uppercase into the equation brings a hacker’s time to ten hours. There are many other ways employers can decrease the chance that systems are breached.

Build Strong Password Protocols

Require employees to create strong passwords at work by setting systems to adhere to this criteria:

  • Eight characters long
  • Contains both upper and lower case
  • Contains both alpha and numeric characters
  • Contains at least one special character, such as $, &, or #

Expanding the total possible characters makes passwords at work impossible to guess. It creates permutations in the millions, so hackers can’t use random generators to cycle quickly through all possible passwords.

Require Password Changes

Even a strong passwords at work can be breached. There’s always the chance an employee wrote down a password or shared it with someone. Require password changes for every in-house system at least every 90 days.

Varied Password Entry

One password shouldn’t grant access to the entire system, especially if you’re limiting information and functionality by department or level. Require that employees use different passwords for each program that requires security.

Don’t Write Passwords Down

With a number of passwords to remember every day, employees could be tempted to save usernames and passwords in a notebook, on the computer, or on their smartphone. Discourage employees from writing down passwords. I you do allow password documentation, require workers use encrypted files or apps. If passwords are written down when setting employees up with access, make sure documents are shredded immediately to avoid a possible breach of your system.

Keep Passwords Confidential

Sharing a password is like copying a key to the building and handing it to someone who doesn’t have the right clearance. Most employees would never think of copying a key. Even so, it can be tempting to share passwords for efficiency and other reasons. Make password confidentiality part of compliance and orientation training for your company. Then, enforce policies with consequences for sharing passwords.

A strong password policy protects everyone and may help keep your business compliant with industry-specific security regulations.