If there is one list you don’t want your small business to be on, it’s the “worst passwords list,” especially in light of recent large-scale security breaches at national retailers like Target and Neiman Marcus. There’s no question that corporate data is under constant siege from the bad guys who want nothing more than to get their hands on your financial information.
So it’s particularly surprising to find out that many are lackadaisical when it comes to creating strong passwords. Each year, SplashData, the developer of productivity apps for smartphones, compiles a list of the 25 most common passwords. The 2013 list actually comes from the millions of stolen passwords posted online by security consulting firm Stricture Consulting Group following Adobe’s well-publicized security breach.
You can consider it good news or bad that “password” finally lost its title as the most commonly used – and as a result the worst – password. Attaining the 2013 number one spot was “123456,” a previous two-time runner-up. For a variation on a theme, the list also includes 123456789 and even 1234567890.
Some passwords like iloveyou convey a nice sentiment but not one you’d want to share with a hacker. Then there’s password1, which leads us to conclude the user was looking for a surefire way to never forget his password and laying the groundwork for a password series to be used on a whole range of mobile devices and apps.
If any of these are ringing a bell, especially as they relate to passwords you use for your small business, it’s time for a change. As challenging as it may be to maintain a series of strong passwords for all your systems and computing devices, it’s absolutely necessary. It’s not only your data that needs protecting. Entry into your company IT systems can mean access to your customers’ confidential information, as we know all too well.
Microsoft offers some excellent tips on creating strong passwords that are hard to crack even with “brute force,” in which hackers use a program to try every combination of letters, numbers and keyboard characters. Keep these tips in mind as you set your own passwords and the password policy that others in your small business will follow when creating theirs:
Know what makes bad passwords: The following should be avoided:
- Letters only or numbers only
- Names of family members, significant others and pets
- Phone numbers, birthdays and social security numbers
- Log-in names
- Any word found in the dictionary, even a foreign dictionary
- Double letters or numbers
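As an added illustration (not from Microsoft or the original article), the checklist above can be turned into a screening function that a sign-up or password-change form could call. The function name, the small sample word list and the sample inputs are assumptions made for this example.

```python
import re

# Passwords the article names from the 2013 list.
COMMON = {"123456", "password", "123456789", "1234567890", "iloveyou", "password1"}

# Constructed stand-in for a real word list (assumption: load a full
# dictionary file, including foreign words, in practice).
SAMPLE_WORDS = {"monkey", "dragon", "sunshine", "welcome", "bonjour"}


def weak_reasons(password, login="", personal=(), words=SAMPLE_WORDS):
    """Return the article's 'bad password' rules that `password` breaks.

    `personal` holds names, phone numbers, birthdays and similar strings
    tied to the user; comparison ignores case and non-alphanumerics.
    """
    reasons = []
    lowered = password.lower()
    squashed = re.sub(r"[^a-z0-9]", "", lowered)

    if lowered in COMMON:
        reasons.append("on the common-passwords list")
    if password.isalpha():
        reasons.append("letters only")
    if password.isdigit():
        reasons.append("numbers only")
    if login and login.lower() in lowered:
        reasons.append("contains the log-in name")
    for item in personal:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if token and token in squashed:
            reasons.append("contains personal information")
            break
    # Strip digits and symbols from both ends so 'Welcome1!' still matches.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core in words:
        reasons.append("dictionary word")
    if re.search(r"([A-Za-z0-9])\1", password):
        reasons.append("double letters or numbers")
    return reasons


if __name__ == "__main__":
    for candidate in ["123456", "iloveyou", "Welcome1!", "rex2014", "t7#Kq!9vLz"]:
        print(candidate, "->", weak_reasons(candidate, login="jsmith", personal=["Rex"]))
```

An empty list means the candidate passed every rule in the checklist; it does not by itself prove the password is strong.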
Once you come up with a strong password, Microsoft advises you to safeguard it. That means don’t write it down (for example, on a sticky note that you place on your monitor). Try to commit it to memory by logging in and out several times or writing it several times on a piece of paper (just remember to toss the paper).
You also want to change passwords frequently. Your network administrator can and should make it necessary for employees to change their password every certain number of days. Every 30 days is a good rule of thumb, Microsoft says. Also, to help manage your passwords, consider getting a password management program.
When it comes to protecting your data, you can’t be too safe. A strong password isn’t the only line of defense against cybercrime, but it’s a good start.