How to Define and Enforce Strong Passwords

From managing different workplace systems and platforms to accessing our own accounts for personal activities, such as banking and email, the typical person has their work cut out for them when it comes to memorizing passwords. A study by NordPass revealed that the average business employee has to remember 87 different passwords for day-to-day tasks. When you factor in personal passwords, that number rises to an overwhelming 255. These passwords are a necessary piece of account security as we access everything from our grocery lists and accounts to corporate networks and cloud-based applications. However, while nearly everyone would agree that passwords are a vital part of keeping our data safe, the majority of people don’t adhere to password best practices.

This lackadaisical approach creates an immense amount of risk when it comes to both personal and workplace information security. Many hackers begin by targeting user passwords to gain access to larger networks. Even something as seemingly inconsequential as an old online account from a decade ago can contain key password information that can then be leveraged by cyber criminals. People must therefore be constantly vigilant about their password strength to eliminate any gaps that can be exploited.

As strong passwords are a formidable first-line defense against hackers, it’s key to define what actually makes a password strong so users can effectively craft them. For network administrators, it’s also crucial to have systems in place that require users to utilize strong passwords if they are to work within your organization, helping ensure the security of your network. With strong passwords working in combination with other cybersecurity best practices, businesses can trust their systems are protected against cyberattacks.

In this article, we explore some common guidelines that businesses can follow to ensure their passwords are strong and personal information is protected. We’ll also cover how account administrators can structure their organization to ensure password best practices are followed to avoid any employee cybersecurity negligence.

How to Build Strong Passwords

Hackers are developing more sophisticated methods and tools for gaining access to accounts every day. Brute force attacks, one such method, attempt multiple different login credentials to try and gain access to an account, often spamming thousands of attempts per second. To keep your accounts safe from these attacks, leveraging password best practices is a necessity.

As these threats have changed over the years, defining what makes a strong password has also shifted. That said, there are still many tried and true guidelines for creating a strong password to better defend personal and business data against cyberattacks. Below is a complete list of these guidelines. This list can be used to compare your own passwords against to ensure they’re adhering to best practices for thorough platform and system security.

If you find yourself struggling to come up with strong passwords, try this password generator by LastPass.

At Least 12 Characters

Many users know that strong passwords must be, at a bare minimum, 8 characters long, though they should ideally be somewhere between 12-14 characters or even longer. It may seem arbitrary to set a character limit on how long a password must be, but length of password does have a direct impact on how many secure, randomized combinations can be created.

Include Numbers, Capital and Lower-case Letters, and Symbols

Passwords are case sensitive to add another layer of complexity for better defense against access. Additionally, passwords allow the use of numbers and symbols, such as “&”, “@”, “#”, to decrease the likelihood your password will be easily guessed by a hacker. Employing a mixture of alternating cases and character types throughout your password will make it much more difficult to crack.

Avoid Dictionary Words or Combinations of Dictionary Words

Dictionary attacks are a method many hackers use to gain access to personal account information. These attacks systematically attempt words found in the dictionary (such as “road”), as well as combinations of those words (“long road”). Using obvious words makes your passwords vulnerable to these attacks. It’s important to choose obscure words and variations that don’t make logical sense. Ideally, it’s best to opt for a randomized string of numbers, letters, and characters for an even less guessable solution.

Avoid Character Repetition and Keyboard Patterns

Many commonly used passwords will feature character repetition, such as “111111”, or keyboard patterns, such as “123456” (which happens to be the most commonly used password across accounts). These offer an advantageous starting point for hackers, making it necessary to avoid these predictable password patterns.

Don’t Use Obvious Letter, Number, or Symbol Substitutions

While using a combination of letters, numbers, and symbols throughout a password is a great way to strengthen it, using those characters in obvious ways to substitute other characters can weaken a password. As such, don’t rely on common character substitutions for dictionary words, including replacing “O” with a zero, or “A” with “@”.

Avoid Using Personal Information, Names, Dates, or ID Numbers

Finally, it’s important to avoid using any information that another person might associate with you. Often, information you may be using in a password, such as a relative’s name or your birthday, can be found in publicly accessible records. That information can then be leveraged by hackers, making it best to leave that out of your passwords for optimal strength.

How Administrators can Ensure Users Create Strong Passwords

Though employee training on adherence to password best practices is one of the oft recommended methods for promoting company-wide cybersecurity, many employees will still neglect using strong passwords, creating vulnerabilities that hackers will target. To ensure strong passwords are used, it’s critical to have employee compliance frameworks in place.

This can be accomplished by having your network administrators configure applications to require strong user passwords. When choosing platforms to implement into your company’s network, be sure to select those that allow administrators to require strong passwords, as well as settings that can be set to define the structure of the passwords to accommodate company needs. This may change depending on whether it’s a user’s password or a guest password. Guest user password requirements may be less strict than users who have greater access to the system, such as if they can change settings or create reports.

Enforce Cybersecurity Best Practices in OpenEye Web Services

Strong passwords are a vital aspect of cybersecurity health. As you and your organization apply this best practice across platforms and systems, be sure to apply it to your video security. Video offers important information that’s not only valuable to your business but also to hackers, making it critical to protect it.

OpenEye helps enforce strong passwords and protect business data through a trusted, secure cloud video platform. OpenEye Web Services (OWS) ensures compliance with cybersecurity best practices for passwords by allowing system administrators to define and enforce strong passwords for OWS user and guest user accounts. Password requirements can be customized by setting the minimum number of characters for password length, uppercase characters, lowercase characters, numeric characters, and special characters to create complexity for each password used.

Strong passwords are just one part of a strong cybersecurity policy. OWS gives businesses the tools and features needed to deploy our cloud video solution without compromising security, including identity management integration, automated software updates, and more.

Learn more about OpenEye’s commitment to cybersecurity and data protection by booking an OWS demo today.