In 2014, eBay was targeted by hackers. They stole the credentials of three employees and had 229 days of total access to eBay’s network. They used that time to steal the personal information and passwords of 145 million users.
Breaches like this are becoming increasingly common, so your employees must understand how to create strong passwords and keep their business accounts secure.
6 best practices to create strong passwords and keep your business accounts secure
1. Create long, complex, and unique passwords
It’s no surprise that people often create short, simple passwords; they’re just easier to remember. Unfortunately, they’re also a cinch to crack.
Hackers can crack a simple and commonly used password such as “password123” in approximately .29 milliseconds. An account with a password like that might as well not even have one. In contrast, a long, unique, and complex password such as “DOfi8!ryODoyEsNe8b” would take about 1 trillion years to crack. No one’s got that much time to spare, so your account is much safer.
A strong password has a minimum of 16 characters and includes a mix of upper and lowercase letters, numbers, and symbols. It also has to be unique. Without the unique factor, it’s entirely possible to have a terrible password that follows all of these guidelines (e.g., Iloveyou1234567!).
If you combine a solid password with smart cybersecurity practices such as keeping your devices updated, you can rest easy knowing your accounts are about as safe as they can get.
2. Sentences or phrases are better than single words
It’s quick and easy for single-word passwords to be compromised. Never make your password a single word, even if it’s “disenfranchisement” or something similarly long. Hackers can use dictionary attacks to crack this using software that tries all the words in a dictionary or other word list successively until it finds a match.
3. Don’t include personal information in your passwords
The amount of personal information that’s readily available on social media and other public websites is staggering. It’s no trouble for a hacker to find out your full name, date of birth, partner’s name, pet’s name, etc. This type of information should never be used in your passwords.
4. Use two-factor authentication to render stolen passwords useless
Two-factor authentication is a method of account verification that requires a password and a second piece of information to complete your login. The second factor is often a PIN, a security code sent to a mobile device, or security questions. For more advanced 2FA, the second factor could include biometrics such as voice or facial recognition.
Two-factor authentication provides an added level of security for your accounts, and it should be used with any business accounts that offer it. Some users find 2FA frustrating because it adds additional time to the login process; however, this extra step takes less than a handful of seconds. The reward is well worth it as 2FA seriously ups the security level of your accounts by rendering stolen passwords useless.
Because some employees find the extra step of two-factor authentication frustrating, they may opt not to use it on their business accounts despite company policy. Onehub addresses this issue with our Advanced, Data Room, and Unlimited plans. Administrators can require two-factor authentication across the entire account to ensure secure, stress-free cloud storage and file sharing.
5. Encrypt stored passwords
One drawback of having unique and complex passwords is that they’re difficult to remember. If you’ve created a document to track your passwords, make sure it’s encrypted. Encryption makes your text unreadable to unauthorized people who don’t have the decryption key.
The type of encryption you use matters, too. For example, Onehub uses 256-bit encryption to protect data both in transit and at rest. This is the same level of encryption used by banks and the CIA. Cracking it would take approximately 27 vigintillion years, which is longer than our universe has even existed.
6. Don’t use the same password for multiple accounts
You’re probably tired of hearing this, but 51% of people keep doing it, so it bears repeating — do not reuse passwords. None of your accounts, personal or professional, should ever share a password. If your password is stolen or hacked, you can minimize the damage by keeping the breach to one account.
Onehub is all about security. We offer two-factor authentication, 256-bit encryption, and strong password requirements. We can keep your passwords and other business data safely encrypted and stored within your Workspace for easy access. Try us out for free for 14 days!