The management of information security in the company also goes by the correct setting of the passwords used. Let’s see how to choose, store and how often should be modified …
In terms of corporate information security, how to create secure passwords and really capable of protecting sensitive information from a business? Here are the factors to consider before choosing their access keys: fundamental elements, which if exploited properly, can ensure the highest level of protection desirable.
Password encryption
When the primary objective is to pursue corporate IT security, you must know at least roughly the operation of password encryption.
Suffice to say that in general terms, usually, all reputable sites save the access keys in encrypted form, codifying with a one-way process, which transforms them into strings seemingly without any logical sense. When the user logs in, the system compares the saved password and encrypts the password typed in the same way to recognize it.
If a server is hacked, the file containing the encrypted codes can be downloaded. Through the use of special tools, the hackers manage to go back to the original password using only the programs which encrypt a long list of words and then compare them with the list of encrypted codes downloaded.
If the words used by the software are taken from multilingual dictionaries or other lists of their names, TV shows, songs, movies, etc. These tools are able to try different combinations of terms in auto-variations on the lists (uppercase -minuscule, plural, before and after addition of the words or numbers, symbols, etc.), taking advantage of the capabilities of modern PC to test million combinations per second.
Complexity and length passwords
Since you should at the very least you are forcing hackers having to prove an exponential number of combinations before arriving at the correct solution, anyone who wants to ensure the company’s information security, entering in your passwords a combination of upper and lowercase letters, numbers and symbols, be sure to create codes as more complex and improbable possible.
In addition to the difficulty, however, it plays a fundamental role the length of the keys: the shorter the secret combination, before it can be discovered by hackers. So that you can get a good level of protection, so you have to choose the password at least 10 characters, and (for the sake) to add an additional character every year.
Another tip to follow to generate a good password is the fact of taking the first letters of a meaningful sentence and add the initial site where the code will be entered to log and any extra symbols.
If possible, always remember to choose the passwords easy to type on all devices (computers, smartphones and tablets), so as to simplify insertion.
Different passwords
Since we are explaining how to create secure passwords, in addition to what I said earlier (create codes of a certain length and mix letters, numbers and symbols), it is also advisable to use different access keys for each service used (e-mail, home banking, accounts of websites, etc.).
Sure banking portals or other similar platforms provide a good level of security, but if passwords operate within such systems are also used elsewhere, they become totally vulnerable.
Password Management
Now that we have provided some practical tips to create codes safe enough, we spend a few more words to explain how to manage over time passwords in their possession:
- Use a software (password manager) for the management of secret codes: extremely useful tool that allows you to store your access keys automatically and avoid having to type it each time on the keyboard. These programs (which are readily available online) must be selected by comparing the features and user opinions.
Warning: Before deciding what to install, make sure that the selected version supports the operating systems used and functions as a mobile desktop; - Change their codes periodically (once a year is enough for private password, but when it comes to corporate passwords, it is best to change them more frequently);
- If it is really necessary to create a file containing the updated password and hide it in a secret place, where no one can ever access;
- Create a list of sites to remember where you can modify the access keys (to change them all at once so as not to forget any);
- Unless you work alone, it should be established in agreement with the staff a policy to manage and update the company’s password (make sure it is always respected by all).
These are our tips to ensure corporate IT security: simple but effective tips to put into practice every day to protect the sensitive data of its business.