How do we log in to our work accounts every day?
By typing out our passwords.
Despite many recent claims that passwords are a thing of the past, or that traditional passwords are dying, passwords remain an integral part of our daily lives, and they need to be strong to avoid breaches and account takeovers.
The need for strong passwords is even greater for a business, because a single account takeover in a company might be the beginning of an entire organizational takeover.
Bad actors can start with a single point and expand to multiple accounts, accessing other information like the company's financial data or that of various stakeholders involved, like clients.
There are certain elements needed to ensure the strength of passwords within your company. If you've already set up a password policy, ensure you have included all the following factors.
If you're new to the password space, here's a list of the five factors to keep in mind:
A set minimum length for passwords
A mix of cases within the password
A minimum amount of numerals and special characters in a password
The age of the password
The rejection of previously used passwords
Including all of these factors will help create a standard password policy for your business. Make sure you have enforced all of these elements for your business.
Here is a detailed run-through of the components.
Factor 1: Password length
On a general note, secure passwords should range between 14 and 16 characters.
Requiring employees to set passwords with a higher minimum length works in your favour because long passwords are harder to breach. To decrease the probability of bad actors taking over your accounts through brute-force attacks, require longer passwords, which are more difficult to crack.
Factor 2: Password cases
A combination of both upper-case and lower-case letters improves security. Rejecting passwords that lack either case makes them more resistant to attackers, since it reduces the chances of cracking them through guesswork.
Factor 3: Special characters and numerals
Including numbers and special characters is key to creating strong work passwords. Adding both numerals and symbols also makes the password less vulnerable to account takeovers.
An ideal password using the above elements would look something like this: i0n0C4=d1-qgcGU
All of the above-mentioned conditions are enforced on employees, but the organization has to go further to keep passwords strong.
Factor 4: Password age
Apart from setting specific elements for passwords, the business should send reminders to employees for timely password resets.
Without rotation to a new password, the protection a password offers diminishes over time, regardless of how strong it is.
Factor 5: Rejecting previously used passwords
The act of initiating resets can be futile if there is no restriction on using the same password again. Effective resets require the rejection of past passwords to ensure the new one is actually "new." Only allowing new combinations of characters can guarantee this.
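The five factors above can be expressed as one policy check. The following Python sketch is an added example, not Zoho Directory's code or API; the thresholds other than the 14-character minimum (digit and symbol counts, 90-day age, five-entry history) and the salted PBKDF2 storage of past passwords are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Policy:
    min_length: int = 14      # Factor 1 (the article's lower bound)
    min_digits: int = 1       # Factor 3, assumed threshold
    min_special: int = 1      # Factor 3, assumed threshold
    max_age_days: int = 90    # Factor 4, assumed rotation period
    history_size: int = 5     # Factor 5, assumed number of remembered passwords

def hash_password(password, salt=None):
    """Return (salt, digest); history stores these, never the plaintext (assumed design)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def in_history(password, history):
    """Re-hash the candidate under each stored salt and compare in constant time."""
    return any(hmac.compare_digest(hash_password(password, salt)[1], digest)
               for salt, digest in history)

def check_password(password, policy, history=()):
    """Return the list of policy violations; an empty list means the password is accepted."""
    problems = []
    if len(password) < policy.min_length:
        problems.append("too short")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("needs upper and lower case")
    if sum(c.isdigit() for c in password) < policy.min_digits:
        problems.append("too few digits")
    if sum(not c.isalnum() for c in password) < policy.min_special:
        problems.append("too few special characters")
    recent = list(history)[-policy.history_size:] if policy.history_size else []
    if in_history(password, recent):
        problems.append("previously used")
    return problems

def is_expired(last_changed, policy, now=None):
    """Factor 4: True once the password is older than the allowed age."""
    return ((now or datetime.now()) - last_changed) > timedelta(days=policy.max_age_days)

if __name__ == "__main__":
    policy = Policy()
    sample = "i0n0C4=d1-qgcGU"                 # the article's sample password
    print(check_password(sample, policy))        # no violations
    print(check_password(sample, policy, [hash_password(sample)]))
    print(check_password("Summer2024", policy))
```

Because only salted hashes are kept, the history check can detect exact reuse but not near-duplicates such as a changed trailing digit.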
Implementing a password policy
The IT admins of a company implement password policies. In the absence of an IT admin, or in small businesses, the owner might be the one handling all admin activities.
What a password policy looks like varies between businesses based on their type, so the policy should be tailored to your workplace. Choosing software with customization capabilities is necessary for this.
Zoho Directory is that software.
Zoho Directory can help you set granular controls over your password policy so it fits your organization's needs properly.
You can exercise control over the five factors described above for your company. Zoho Directory lets you enforce these custom options for your employees to avoid cybersecurity hazards that might impact your systems.
A strong password policy is just the beginning when it comes to safeguarding your work accounts. Passwords alone are not enough for your online accounts. After configuring a policy, implement multi-factor authentication (MFA) to raise your security level.
Adding MFA ensures that you secure your work accounts even if someone compromises your first layer (password) of security. Check out Zoho OneAuth, the authentication app for all your online accounts.
To recap, a work password needs to be 14 to 16 characters long, contain both upper-case and lower-case letters, and include special characters and numbers. The organization, for its part, has to schedule timely resets and reminders for employees while also rejecting previously used passwords.
Book a demo with Zoho Directory here.
We hope this blog helps you frame and set a strong policy for your organization, or redefine your existing policy to strengthen all of its components.