Password Hygiene explained.
Password hygiene is similar to personal hygiene in that it takes focus, discipline, and maintenance to ensure strong passwords for all accounts. Poor password habits will inevitably leave users with a higher risk of infections from viruses, cyberattacks, malware, social engineering, shoulder surfing, account takeover, and more. The stronger the passwords and the more disciplined the approach to password security, the less likely a user is to fall prey to cyberattacks.
One of the most important aspects of password hygiene is having the right tools. Don't let end users bear the responsibilities of password hygiene without the proper resources. Just like we need razors to shave, users need something to help cut through the pains of password hygiene. Without a password manager to remember long passwords, users will inevitably create weaker passwords that are easier to remember (and easier to guess). Without 2FA, cybercriminals and malicious actors can easily gain access to accounts through simple shoulder surfing, tailgating, social engineering, and more. Password hygiene is most effective when supported by the right tools for the job.
Admins can make a policy forbidding reused passwords and spend significant resources training the end users. But if this policy cannot be enforced, users will still be able to circumvent this tedious requirement. It takes an automated tool to effectively get the job done, not just policy and training.
Recommendations for strong password hygiene:
- Use long passwords that are difficult to guess so that brute-forcing them takes malicious programs too long.
- STOP reusing your passwords - if one password is compromised, the other accounts may be compromised too.
- Do not write your passwords down, as anyone who sees them can exploit this vulnerability.
- Do not store your passwords in an insecure manner, such as in a Word file or in your personal notebook, which could be stolen.
- Do not share your passwords with anyone, for they may be the source of exposure; we can never tell what they do with them or who else they may have shared them with.
- Use two-factor authentication whenever possible to enhance security posture.
- Following NIST guidance, do not enforce password expiration dates, as users will create weak variants of perhaps already-compromised passwords.
- Use short timeout policies so that malicious actors do not get a chance to access the computer.
- Instead of risking phishing attacks by typing usernames and passwords on the Internet, use a password manager's auto-fill to help users avoid accidentally getting phished.
- Utilize a password manager to create very long passwords that are nigh impossible to guess and let the password manager do all the work in auto-filling.
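As an added example (not GateKeeper's code), the script below shows what automated enforcement of the "no reused passwords" and "long passwords" recommendations can look like when run over a password-vault export. The sample entries, the function names, and the 16-character threshold are assumptions made for illustration; the page itself gives no minimum length.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample vault export (account, password); not real credentials.
SAMPLE_VAULT = [
    ("mail", "correct-horse-battery-staple-42"),
    ("bank", "Summer2024!"),
    ("forum", "Summer2024!"),
    ("vpn", "tr0ub4dor"),
    ("payroll", "x7#Lq9-vB2!mZr4&pT8w"),
]

MIN_LENGTH = 16  # assumed policy threshold; the page gives no number


def audit_vault(entries, min_length=MIN_LENGTH):
    """Return (reused_groups, short_accounts); the report never contains a password."""
    # Random per-run key: the digests used for grouping are useless outside this audit.
    key = secrets.token_bytes(32)
    by_digest = defaultdict(list)
    short = []
    for account, password in entries:
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        by_digest[digest].append(account)
        if len(password) < min_length:
            short.append(account)
    reused = sorted(sorted(accts) for accts in by_digest.values() if len(accts) > 1)
    return reused, sorted(short)


def policy_violations(entries, min_length=MIN_LENGTH):
    """Map each offending account to the list of rules it breaks."""
    reused, short = audit_vault(entries, min_length)
    findings = defaultdict(list)
    for group in reused:
        for account in group:
            others = [a for a in group if a != account]
            findings[account].append("reused with " + ", ".join(others))
    for account in short:
        findings[account].append(f"shorter than {min_length} characters")
    return dict(findings)


if __name__ == "__main__":
    for account, problems in sorted(policy_violations(SAMPLE_VAULT).items()):
        print(f"{account}: {'; '.join(problems)}")
```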
For any additional questions or concerns regarding security, proximity settings, computer locking, credential management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email firstname.lastname@example.org.