Employee-friendly Content Cybersecurity - Prevention Blog

Pssst: Our Password Protocol Advice

Here’s our password protocol advice to help keep your organization’s data protected.

Let’s start by clearing the air: It’s normal to have a love-hate relationship with passwords. It’s hard not to love the very things that keep your information safe, ensure private conversations are kept private, and give you peace of mind to go about your business.

But passwords also come with their fair share of headaches. We have all struggled to remember our latest and greatest password. Or struggled to come up with a new one. Managing passwords is a process, but it can—bear with us—be easier.

When putting the lock and key on your IT security, here’s what we suggest:

1. Change your password policy

If you’ve ever been frustrated by your inability to remember the special characters that sites required in your password (or should I say p@s$word1?), the National Institute of Standards and Technology (NIST)’s latest Digital Identity Standards will be a welcome change.

The NIST is now urging for simplicity. The new guidelines recommend passwords that are both unique and memorable, instead of forcing an odd addition of characters that end up scribbled on a post-it note.

They suggest counteracting the ease of using only letters with a longer password—preferably a nonsensical series of memorable words, like blanketceilingfruit. A passphrase that you’ll actually remember is likely to decrease an algorithm’s chance to crack your code, and keep your data safer than a password you have to tape to your computer.

2. Use a Password Management Tool across your organization

Password management tools take the stress out of juggling passwords, while simultaneously minimizing security risks. When you use a password management security service, such as Passportal, you are able to manage all of your organization’s passwords in one place (and no—it won’t look like a stack of sticky notes). The tool generates passwords, stores passwords, and even automates changing them to keep your information yours, and yours alone.

3. Employ Two-Factor Authentication

But what if a password gets compromised? Despite best efforts, it still can happen. Luckily, there are steps you can take to ensure that a password in the wrong hands is not everything in the wrong hands. We recommend clients use two-factor authentication (2FA). Don’t worry, that’s not an algebraic formula. 2FA requires a second point of authentication to get into an account. The most common 2FA combination is 1) your username and password, and 2) a code from your mobile phone.

Using 2FA means that your password doesn’t hold all of the power, and as such, if it’s compromised, you can still feel good about your IT security.

If you want to know more about what cybersecurity policies are right for your organization, reach out to your WorkSmart Account Manager, or contact our sales team at [email protected].