
Protect Your AD From Holiday Hackers With Better Password Hygiene

Criminal hackers look eagerly toward the holidays because it’s a time for vacations, general absences, and fewer eyes on the organization’s passwords. There is a 30% increase in the average number of ransomware attacks over the holiday period compared to the monthly average. Get ahead of hackers’ plans this season and throughout the new year with an updated password hygiene protocol.

8 ways to improve password hygiene now

1. Reject weak and easily guessed passwords

Criminal hackers guess passwords using employees’ personal data on social media. Hackers notice when Sue, the database admin, shares frequent pics and videos of her favorite nephew, Kevin. They will try likely password variations such as Kev123, Kev456, and Kevin1! to log in to her account.

Employees create passwords using the first words, numbers, and special characters that come to mind. Cybercriminals use dictionary lists, lists of weak, typical, and stolen credentials, and clues from social media to guess those credentials. Rules that reject such passwords by default give the organization an edge over hackers.

2. Require long, more complex passwords

When the organization removes a weak password, it must replace it with a stronger one. The longer the password, the stronger it is, and the more time it takes for criminals to crack it. A 12-character password takes 62 trillion times longer to crack than a six-character password.

Complex passwords are more robust than simple ones. Using a combination of upper- and lower-case letters, numbers, and symbols in random order makes it difficult for hackers to brute-force their way into company systems. Password policies mandating long, complex passwords keep hackers off an organization’s systems and networks.

3. Ban password reuse

It’s easy for employees to remember a single password rather than many passwords. But when they reuse the same password, criminal hackers gain easy access to information in many places with only one credential.

Once hackers confirm a password, they’ll try it everywhere, including the organization’s most sensitive systems. Over 40 million Microsoft users were found to have reused passwords. Ban password reuse to keep passwords unique to each system.

4. Stop password sharing

“I need to use your computer. What’s your password?” Those ill-fated words increase password exposure across the organization. Employees are also consumers, friends, and family members, and they share those same credentials outside work. The password grows weaker as more people know it.

People reuse shared passwords, and one bad habit multiplies the effects of the other. Stop password sharing to better secure accounts.

5. Remove arbitrary password expiration dates

It’s hard enough for employees to memorize a complex new password every time there’s been a breach. It’s another matter to learn new credentials every month or 90 days because of password-aging practices that reset passwords automatically.

The more difficult passwords are to remember, the more likely employees are to write them down. These habits force employee credentials out into the open. Guidelines by NIST and new best practices don’t require a password change unless the password could potentially be compromised. Password rules that break company morale only help hackers. Let arbitrary password rules like this one die.

6. Encourage users to implement a passphrase approach

A long passphrase of 20 characters is strong. When an organization promotes using long passphrases, employees only need to string together some words that they can easily remember. Employees stress less over their credentials, and the organization stays secure.

7. Implement a custom password policy that includes a blocklist

A password blocklist can include weak, breached, and common passwords, as well as company names, that make for easily guessed credentials. When an organization customizes its password policy with a blocklist, users can no longer set or keep any password on the list. Companies can allow employees to create long, complex passwords or long, simple passphrases, so they have more to choose from when avoiding blocked passwords.
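To show how points 1, 2, 6 and 7 fit together, here is an added example of a policy check (not Specops code, and not from the original post) that normalizes a candidate password, rejects it if it matches a breached/common list or contains a blocked company or personal term, and otherwise accepts either a 12+ character complex password or a 20+ character passphrase. The word lists, the "Acme" company name and the per-user hint "kevin" are constructed placeholders.

```python
import re
import unicodedata

# Constructed stand-ins for a breach feed, a custom company list and per-user hints
# (the article's example: Sue's nephew Kevin). Real deployments load these from files.
BREACHED = {"password", "123456", "qwerty", "letmein", "welcome"}
COMPANY_TERMS = {"acme", "acmecorp"}   # placeholder organisation names
PERSONAL_HINTS = {"kevin", "kev"}      # short terms widen substring matches; use with care

# Common leetspeak substitutions ("1" is taken as "i"; a fuller map would also try "l").
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(pw: str) -> str:
    """Lower-case, strip trailing digits/symbols (Kev123 -> kev), then undo leetspeak."""
    base = unicodedata.normalize("NFKC", pw).lower()
    base = re.sub(r"[^a-z]+$", "", base)   # drop the "123", "1!", "2024!" suffix habit
    return base.translate(LEET)            # P@ssw0rd -> password


def has_complexity(pw: str, classes_required: int = 3) -> bool:
    """True if the password uses at least `classes_required` of the four character classes."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return sum(bool(re.search(c, pw)) for c in classes) >= classes_required


def check_password(pw: str, blocklist=BREACHED, custom=COMPANY_TERMS,
                   personal=PERSONAL_HINTS) -> list[str]:
    """Return the reasons a password is rejected; an empty list means it passes."""
    reasons = []
    norm = normalize(pw)
    if pw.lower() in blocklist or norm in blocklist:
        reasons.append("matches breached/common password list")
    for term in sorted(custom | personal):
        if term in norm:                   # substring match catches Kev123, AcmeCorp-2024!, ...
            reasons.append(f"contains blocked term '{term}'")
    # Either route is acceptable: 12+ chars with complexity, or a 20+ char passphrase.
    if not (len(pw) >= 12 and has_complexity(pw)) and len(pw) < 20:
        reasons.append("shorter than 12 complex characters and not a 20+ character passphrase")
    return reasons


if __name__ == "__main__":
    for candidate in ["Kev123", "P@ssw0rd2024!", "AcmeCorp-Winter-2024!",
                      "Tr0ub4dor&3", "correct horse battery staple"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

Note that "P@ssw0rd2024!" satisfies every classic complexity rule yet is still rejected, which is exactly why a blocklist with normalization belongs next to the length rule.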

8. Institute a company-wide password manager

A single company-wide password management tool lets the organization tailor password rules within and across groups and departments, increasing password entropy. Organizations can use dictionary lists, breach lists, and custom lists to filter out common and known-bad passwords.

Improve your password policy hygiene with Specops password policy

Specops Password Policy enables robust, fine-grained password rules and extensive password blocking across breach lists, dictionary lists, and blocklists. Set rules that require lengthy, complex passwords or easy passphrases while automatically rejecting weak and easily guessed credentials. Replace rules, such as arbitrary password expirations, that offer no benefit.

Specops Password Policy can enforce compliance with industry and regulatory requirements. Extend the functionality of Group Policy for Active Directory. Specops Password Policy will help increase your password security in your Microsoft Active Directory before the holiday hackers strike.

Get your free trial of Specops Password Policy and test it out in your Active Directory today!