With fears of global viruses escalating daily, physical hygiene is in the spotlight. The importance of handwashing regularly with soap and water is a critical step to prevent the spread of many infectious diseases. But what about our digital health and digital hygiene?
When it comes to digital hygiene, we must focus on ensuring that our passwords are not patient zero. Despite the hype about biometrics and other authentication mechanisms, passwords are not going away for a while, so it’s time to rethink how we create and manage them.
The mantra to adopt is “passwords must be strong and unique.” It’s up to organizations and users to take their password hygiene more seriously to ensure that their data is not at risk.
So, what should organizations do?
1- Prevent the use of weak, similar or old passwords
Make sure users select strong passwords that are not vulnerable to any dictionary attack. It’s critical that new passwords are significantly different from the last one and that you prohibit too many consecutive identical characters. You should also prevent the reuse of old passwords. Fuzzy password matching is a crucial password tool in strengthening password policy. Organizations need to block expected and similar passwords. This is where a root password that only gets changed by a few characters or just capitalization is activated. Leveraging fuzzy matching password patterns stops weak password patterns being utilized as it checks for multiple variants of the password, including case-sensitivity and reversing.
2- End mandatory password resets: they don’t improve security.
Organizations have historically addressed the threat of compromised passwords by enforcing regular resets. However, this policy is ineffective as it doesn’t ensure that the new password is strong and has not already been exposed. It can also drive up operational costs and have a negative impact on employee and user productivity. The National Institute of Standards and Technology (NIST) guidelines advise against this approach.
3- Check credentials continuously.
NIST password recommendations outline that organizations verify that passwords are not compromised before being activated and monitor those passwords on an ongoing basis. By checking passwords against a database of exposed passwords before they are deployed and once they are in use, it reduces the risk of compromised credentials being used. As the number of compromised credentials grows continuously, checking passwords against a dynamic database rather than a static list is an essential step. If a compromise is detected, it’s vital to institute an immediate, automated action such as forcing a password reset to secure the account before additional damages can occur.
What should users do?
1- Do not reuse passwords.
This is the equivalent of not keeping your vaccines up to date and hoping you will not get sick. The 2018 Global Password Security Report shows a staggering 50% of people reuse the same passwords for their personal and work accounts. Users need to stop this practice as the risks are too great and utilize some of the free online tools to help create and manage their passwords. So, make admin and other obvious passwords a thing of the past.
2- Create strong passwords.
Create passwords that are at least 10 characters. You can opt to include capitalization, numbers, and non-numeric characters, but the strongest passwords are 4 un-related words that you string together in a passphrase. Do not use common passwords as these are easy to crack.
3- Use a Password Manager.
It’s almost impossible to remember a unique password for every online account, so use a password manager to aid the process of remembering every unique password.
4- Monitor your online identity.
Another key tool is to sign up for an identity monitoring service that provides dark web monitoring and compromised credential monitoring like www.IDShield.com.
5- When possible, use MFA.
Turn on multi-factor authentication for your online accounts as an additional layer of protection.
6- Use secure websites.
Make sure the websites you use regularly screen for compromised credentials through a service like Enzoic because if hackers obtain your password from a leak or breach, they can access other accounts as well if you are reusing passwords.
Summary of Digital Hygiene
Digital hygiene is important. You should take steps to prevent your accounts from being compromised and protect your online identity.
Passwords are a vital vaccine in the war against cybercriminals, so make sure that you only deploy passwords that are strong and unique and that you continually check that they remain so.
If you don’t take action, you open yourself up to a myriad of risks and breaches that may take months or years to cure! Good password hygiene is as vital as washing your hands to prevent the spread of disease.