As a business owner, you may understand the importance of a strong, complex password. However, your employees might not. Hackers often look for patterns in human behavior, especially those that stem from the difficulty of remembering passwords. Many employees tend to set up passwords that are easily identifiable and based on part of their own name, the names of their children, birth dates, or their favorite activity.
The other pitfall employees are most likely to fall into is using the same password to gain access to multiple accounts. While it is certainly okay to use a complex password on a single site, crossing over and using the identical one on additional sites can cause great harm to both the employee and the business owner.
Employees often reuse passwords on trivial sites like Twitter or Facebook. However, if a hacker is successful in harvesting the password on an employee’s simple, trivial account, they might gain immediate access to non-trivial sites including the employee’s bank accounts, PayPal account, or work assets up to and including full remote access as the user. It is imperative not to use any password on multiple accounts, no matter how easy it is to remember.
The size or length of the password is critical to ensure it is not easily cracked. Many hackers, cyber criminals and online attackers use algorithmic software programs that can generate millions of password possibilities.
Using traditional brute-force techniques, hackers recover simple four-character or six-character passwords almost instantly. Passwords of eight characters or more can slightly slow a hacker down, while twelve characters take even longer to crack. The ultimate password might be generated using a complex phrase of at least 25 to 30 characters in length.
Encourage your employees to sample from all four standard character sets in every password. With 26 uppercase characters, 26 lowercase characters, 10 digits and a huge supply of special characters, there are many millions of possible combinations when generating a unique passphrase. Extend a simple password out to 26 or 30 characters in length and there are literally trillions of possibilities, making it a nearly impossible task to work out how to gain access to an account.
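The guidance above on length, character sets and personal details can be checked mechanically. The following Python sketch is an added example, not part of the original article; the 12-character floor, the 32-symbol special set, the `personal_terms` input and the sample names are assumptions.

```python
import math
import string

# The four character sets named in the article. It gives no count for special
# characters; ASCII punctuation (32 symbols) is an assumption.
CHARSETS = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "digits": string.digits,
    "special": string.punctuation,
}
MIN_LENGTH = 12  # assumed policy floor; the article's ideal is 25 to 30


def keyspace_bits(length, alphabet_size):
    """log2 of the number of candidates a brute-force search must cover."""
    return length * math.log2(alphabet_size)


def audit_password(password, personal_terms):
    """Return (findings, bits). personal_terms is a hypothetical list of the
    employee's names, birth dates and hobbies, e.g. from an HR record."""
    findings = []
    used = [name for name, chars in CHARSETS.items()
            if any(c in chars for c in password)]
    missing = [name for name in CHARSETS if name not in used]
    if missing:
        findings.append("missing character sets: " + ", ".join(missing))
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    lowered = password.lower()
    for term in personal_terms:
        # Skip very short terms to avoid flagging accidental matches.
        if len(term) >= 3 and term.lower() in lowered:
            findings.append(f"contains personal detail: {term}")
    # Estimate assumes the attacker searches only the sets actually used;
    # characters outside all four sets (such as spaces) are not counted.
    alphabet = sum(len(CHARSETS[name]) for name in used) or 1
    return findings, keyspace_bits(len(password), alphabet)


if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    terms = ["Dana", "Miller", "1984", "soccer"]
    for pw in ["Dana1984", "soccerMom!7", "Plum-Quartz7 rides the 9:15 ferry"]:
        findings, bits = audit_password(pw, terms)
        print(f"{pw!r}: ~{bits:.0f} bits, {findings or 'no findings'}")
```

The bit count is an upper bound on brute-force cost only; a password built from a name and a birth year falls to a targeted guess list long before the full keyspace is searched, which is why the personal-detail check is reported separately.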
As much as you can, discourage employees from using poor passwords. However, there is nothing you can do to physically prevent an employee from reusing their complex work password for their Facebook account.
Adding an additional layer of authentication is the best way to ensure you have created a much stronger barrier to anyone wishing to improperly enter your network. With a good two-factor authentication system, even if a malicious person has a valid password, their access is denied. The employee simply adds a short one-time password to gain access to their account.