Considering the amount of sensitive information housed in Finance, rock-solid passwords may be one of the most important protections you and your staffers have.
But what if, despite your best efforts, that data was still at risk?
It’s happening more than you think. Turns out there are some major misconceptions out there about what makes a password safe.
And if your finance staffers are buying into any of them, you could get hit with some expensive surprises.
Have no fear – we’re debunking the five biggest password myths swirling about these days, with a little help from our partners at IT Manager Daily.
Make sure you share these with all your finance staffers so they’re not unwittingly making you vulnerable.
Myth #1: Load your password with special characters
Capital letters, lower case letters, an ampersand or two — including all of these will keep your systems safer than using standard “dictionary” words.
Turns out those special characters aren’t nearly as important as the length of your password.
Check out this example from security experts at McAfee. They say the password “Br3ak1 ead&7” would take a hacker three days to crack. However, a simple but long phrase like “thunder showers before sunset” would take 550 years to crack using the same software tool.
Bonus: And it’s a lot easier to remember!
Myth #2: Password checkers keep you covered
On certain sites when you’re prompted for a password, the site itself will gauge its strength. Some will even refuse to accept a password if it’s considered too weak. Should be a great backstop.
But urge staffers not to rely on that alone. Here’s why: Too many people default to things like “Password1” to meet the complexity requirement.
How long do you think it would take even an unsophisticated hacker to try that?
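To see Myths #1 and #2 side by side, here is an added example (not from the original article or from McAfee) that runs the article's three passwords through a typical complexity meter and through a length-first check with a blocklist. The 15-character minimum, the small blocklist and the function names are assumptions made for the illustration.

```python
import math
import string

# Constructed blocklist for the example; a real deployment would load a
# much larger list of known-common and breached passwords.
COMMON = {"password1", "12345", "qwerty123", "letmein1"}
MIN_LENGTH = 15  # assumed threshold for this example, not from the article


def composition_check(pw: str) -> bool:
    """Typical 'complexity' meter: 8+ chars with upper, lower and a digit."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw))


def length_first_check(pw: str) -> bool:
    """Reject known-common passwords, then require length only."""
    return pw.lower() not in COMMON and len(pw) >= MIN_LENGTH


def brute_force_bits(pw: str) -> float:
    """Upper bound on search space in bits: length * log2(alphabet size).

    Assumes a blind brute-force attacker; dictionary attacks do better.
    """
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    alphabet = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def report(passwords):
    """Return (password, passes_composition, passes_length_first, bits)."""
    return [(pw, composition_check(pw), length_first_check(pw),
             round(brute_force_bits(pw), 1)) for pw in passwords]


if __name__ == "__main__":
    samples = ["Password1", "Br3ak1 ead&7", "thunder showers before sunset"]
    for row in report(samples):
        print("%-32r composition=%-5s length_first=%-5s bits=%s" % row)
```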
Myth #3: Let IT handle it – they know what they’re doing
Yes, IT folks may appreciate better than most why a secure password is critical, but unfortunately, they’re not any better at using the safest ones.
A good way to know if your IT is on top of its game: See what passwords it sets up for new employees. If your new A/R staffer received 12345 as her initial email entryway, you probably don’t want to turn over password modeling behavior to this group.
Myth #4: You must reset passwords periodically
This is one we bet your finance department does. You require staffers to change their passwords quarterly, monthly, etc. Smart move, right?
Not necessarily.
In fact, sometimes this backfires big time. When folks are forced to keep changing their passwords, they start selecting simpler and simpler ones (how many different words can you keep straight after all?).
And that makes your systems vulnerable.
The only time you really need to change a password is if you have reason to believe your credentials have been compromised in some way. (Then, be sure to go long.)
Myth #5: Once you have password rules down, you’re good to go
Hackers are sharpening their “skills” every day and finding new ways to get their eyes on your company’s data. And there are ever-evolving tech tools to help them do it.
That’s why you want not only your finance department but your company as a whole to keep a fluid idea of what data security entails.
Just think – a year ago, many of the “myths” we just tossed out were actually considered best practices in the world of passwords.