World Password Day is an excellent opportunity for businesses to find resources, learn about bad habits, and connect with experts. In 2023, the best practice for creating strong passwords is to choose unique and memorable options.
Two out of three people still reuse passwords across accounts, one in three share codes with others, and nearly 40 percent have been hacked.¹
The digital landscape continues to evolve rapidly with new technologies and changes in e-commerce, telehealth, and cryptocurrencies. In such a dynamic environment, businesses need effective instruction on keeping up with the latest password security practices, in order to protect user data and personal information.
Password security is one of the most ubiquitous yet user-influenced pieces of digital security.
While new forms of authentication such as biometric authentication methods (like fingerprint scanning) and one-time passwords (OTPs) have increased in popularity, passwords are still a crucial element of security.
Businesses should be on the lookout for guidelines on how to engage with password hygiene, or how to create strong password policies. Organizations of all sizes need to adopt modern password policies based on the latest guidelines from organizations like the National Institute of Standards and Technology (NIST)—which might include guidelines similar to those for individuals—and also include standards for assessing and remediating vulnerabilities.
Tips on creating “strong” passwords have changed a lot over the last few years, as computing power and threat actors’ knowledge have both increased.
In 2023, the best practice for creating strong passwords is to choose unique and memorable options. Password managers help users avoid the damaging habit of reusing passwords, because they make storing many unique passwords easy. Businesses should also consider removing password complexity requirements, such as forcing users to create a password with a specific combination of lowercase and uppercase letters, digits, and special characters. These requirements make passwords harder for users to remember and easier for hackers to guess.
For individuals, it’s crucial to avoid reusing passwords, use password managers, and enable multi-factor authentication (MFA) whenever possible.
When designing new requirements for your password policies, remind users of the hazards of reusing favorite terms plus some favorite numbers. Instead, encourage them to consider longer, unique passphrases that they will be able to remember. (For example, “My23YearOldDogRoverLovesTeriyakiBeefJerky!” is a stronger password than “Rover23!”, even though both might satisfy password requirements.)
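The contrast between a composition-rule policy and a length-first policy can be shown with the two passwords above. This is an added example, not code from the article or from Enzoic; the minimum length of 15, the tiny blocklist, and the per-user context terms are assumptions chosen for illustration.

```python
import re

# Constructed sample data (assumptions): a stand-in for a real
# common/breached-password list, and an assumed minimum length.
BLOCKLIST = {"password", "qwerty", "welcome", "letmein", "summer"}
MIN_LENGTH = 15


def legacy_policy(pw: str) -> bool:
    """Composition rules: 8+ chars with lower, upper, digit and special."""
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)


def base_term(pw: str) -> str:
    """Strip leading/trailing digits and symbols: 'Rover23!' -> 'rover'."""
    return re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw).lower()


def modern_policy(pw: str, context_terms=()) -> list[str]:
    """Length-first check. Returns rejection reasons; empty means accepted.

    context_terms holds words tied to the user (name, pet, company), so a
    'favorite term plus favorite numbers' password is caught.
    """
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    term = base_term(pw)
    if term in BLOCKLIST:
        problems.append("common_term_plus_suffix")
    if any(t.lower() == term for t in context_terms if t):
        problems.append("matches_user_context")
    return problems


if __name__ == "__main__":
    context = ("rover",)  # constructed: the user's pet name
    samples = [
        "Rover23!",
        "My23YearOldDogRoverLovesTeriyakiBeefJerky!",
        "Welcome2023!!!!",                  # long enough, still a common term
        "purple kettle sings at midnight",  # constructed passphrase
    ]
    for pw in samples:
        print(f"{pw!r}: legacy={legacy_policy(pw)} "
              f"modern={modern_policy(pw, context) or 'accepted'}")
```

Under the legacy rules "Rover23!" is accepted and the plain-word passphrase is rejected; the length-first check reverses both outcomes.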
Businesses of all types and sizes have an ethical and legal responsibility to protect user data and personal information. Even as legal requirements change, it’s important to incorporate cybersecurity strategies and budgets into business plans, regardless of the size of the organization. For smaller businesses without in-house IT staff, finding a service provider for cybersecurity solutions can be an effective option.
World Password Day is an excellent opportunity for businesses to conduct a password audit that evaluates the current state of passwords within the business network and informs changes to password policies. Read more about updated password policies for businesses and identity management on the Enzoic blog.