Five Password Best Practices: Keeping Cyber Criminals at Bay

10/19/2021

The web completely revolutionized how small businesses deal with their finances, but it also opened up a door for cybercriminals to take advantage of those with poor passwords and online habits. Fortunately, there are easy steps you can take to improve your password cybersecurity to keep online bad actors at bay. Here's a look at what you can do better to protect your small business finances and online accounts.

Upgrade your passwords to include passphrases

Many people choose a password that's easy to remember, but that may also be easy to guess. Passphrases act as longer passwords that are still fairly easy to remember but much harder to guess or hack.

A passphrase is simply a series of words or other text used as a password. Picking four or more unrelated words is often more secure than a shorter password that includes numbers and symbols. This passphrase generator explains how longer phrases made up of random dictionary words are more memorable and many times more secure than even other randomized passwords.

Choose long and hard-to-guess passwords

Cybercriminals typically use one of a few methods to breach victim's accounts. Those include stealing information through a virus implanted on your computer, using public information gathered from a past data breach or guessing a long list of passwords in what's called a brute force attack.

While your only option to fix easy-to-guess and breached passwords is to change them, it's a good idea to pick strong passwords that stand up to brute force attacks should you become a target.

Again, long passwords such as a four-word passphrase may be best. Try to avoid using any password that includes easy-to-guess info like family member names, pet names, birthdates and anniversaries. Also, avoid commonly used passwords like 12345, abc123, qwerty or the word "password." Longer and randomized passwords are most secure.

Avoid using the same password on multiple sites

If you use the same password on every site and app and one is breached or hacked, bad actors have access to your password everywhere. It's essential to use a unique password on every site and app, particularly banking, investing, insurance and other financial accounts.

Using a password manager, as described below, can help you keep track of dozens, hundreds or even thousands of unique online logins without having to remember a different password for every site and app.

Add multifactor authentication

Multifactor authentication is a term for a login that requires two or more steps to verify your identity. Common two-factor authentication methods include a code sent by text message or email. For even more security, consider upgrading to a third-party authentication app. Some highly secure logins require a dedicated code-generating device.

It's best to use multifactor authentication anywhere it's available. That includes online financial, email, social media, and business accounts. Admittedly, it's a little more work every time you log in, but the added security is well worth the effort to protect your information.

Implement a password policy for employees

Small businesses should implement a password policy to help their employees choose safe passwords and keep them safe. It is important to focus on the entire life cycle of the password including how the passwords are chosen, how often they are changed, and what employees should be doing to keep passwords from being stolen.

The Cybersecurity and Infrastructure Security Agency (CISA) recommends implementing strong authentication recovery mechanisms, an account lockout policy and setting accounts to automatically disable after being inactive for a predetermined period of time.

Take charge of your online security

While it can be nerve-wracking handling money and business accounts online, following common sense digital security and strong password practices go a long way in keeping your small business accounts and assets safe. Make sure your team follows the same guidelines to keep your business assets and customer information as safe as possible.

It's worth spending time upgrading the passwords for your small business and implementing a strong system your team can stick with for the long run. Strong passwords are one of the best ways to keep yourself and your business safe online.