IT Security

The recent credit card information breach at Target has a lot of people thinking about big business security issues again.

What kind of information do the businesses we trust so much have and how easy is it exactly to access by some anonymous hacker?

The problem that the Target credit card breach highlights is that—no matter the level of security—any network has its potential weaknesses.

However, it’s not just big businesses that are targeted. Even small businesses can be targets for people looking to gain information they shouldn’t have.

One of the best, most overlooked, and poorly executed methods of protecting our businesses’ important data is the password. Passwords protect our networks and systems from unwanted intruders, but not every password is created equal.

Since all of us are only human, we tend to come up with passwords that fit into predictable patterns. This fact can be exploited by someone trying to get access to a password protected network, computer, application, and so on.

The more predictable your password is, the easier it is for a password guessing program to crack. To avoid falling into some of the common pitfalls of password creation, let’s review what you can do to make your password more secure:

  • The most important rule is still variation in the characters that make up your password. Make sure you use all of the different types of characters in your password. Upper case, lower case, numerals, and special characters like !, @, #, and $ are all necessary to improve your password’s security. The more nonrepeating characters from each set you have in your password, the more difficult it will be to crack. You should avoid using the same characters over and over again or using patterns like “12345,” as programs will commonly guess these first.
  • Passwords should be as complex as possible while still being memorable. One of the worst things you can do is make your password so complex that you have to write it down to remember what it is. Writing a password down anywhere makes the password insecure, defeating its purpose. Never write your passwords in plain view on a note by your computer; the less people who know your password the more secure it is. Further, never write your passwords down in an unprotected file on your computer. Doing so can welcome easy breaches in security.
  • So, how do you make your password complex while at the same time making it memorable enough to not have to write down? Try using a passphrase instead. A passphrase is sort of like a short sentence and using one as a password can be very secure. Password guessing programs have a hard time dealing with many random words, as there are so many combinations of random words to guess.
  • The more nonsensical and impersonal the better. If your password is something like your birthday and your daughter’s name, you can bet that it will be cracked very quickly. Make up a phrase of random words that are easy for you to remember. To make it even more random, take only the first letter of each word in the phrase to create a gibberish word. Remember to add in upper case letters, special characters, and numerals.
  • Finally, change your password every few months to ensure the highest level of security possible. If you’re a business owner, it’s important to implement mandatory password resets. Make sure that your employees know the best password practices—that includes avoiding the common, predictable trap of changing one character every time there’s a reset. Make sure that the new passwords are as different from the old passwords as they can be, especially when dealing with sensitive information.

Creating secure passwords is the best way to drastically improve the security of anything you log in to. Businesses especially need to be careful to ensure every one of their employees is properly creating passwords that keep the network safe. Avoid a security incident altogether by using the most effective password practices.