Skip to main content
Blog

Best Password Practices for SMBs

By December 16, 2021December 18th, 2021No Comments12 min read
Password Practices for SMBs

Data breaches are becoming more common with time. If you are an SMB, then you should evaluate your password practices. Most SMBs don’t care about their security. However, this can be very costly for you. Attackers are looking for businesses that are easy to target. A data breach can be serious for your SMB. It is difficult to bounce back if your customer data gets leaked. Your customer will lose trust. Thus, they are not going to work with you. In this article, we are going to share the best password practices that you can use for safeguarding your network.

  1. Don’t reuse passwords

A normal user is using various different applications. You might be using Facebook, Amazon, Netflix, and other services for entertainment. Also, you need to set passwords in your office password and bank account. It is difficult to keep up with them.

No one wants to dedicate their time to thinking about new passwords and remembering them. Thus, they will use the same password for logging into their work and logging into their Amazon account. If you are using the same password on different applications, then there is a huge possibility that all your accounts will get hacked.

If an attacker gets access to your work network, then they will get access to your passwords. They can use your password for logging in to different accounts that you have. Attackers can even access your bank account if you are using the same password. Similarly, if your social media account password gets leaked, then attackers will automatically get access to your company network.

You should use unique passwords for every service that you are using. However, this is a difficult task for normal users. You need to remember all the different passwords. If you forget your password, then you need to reset your password again and again. Thus, you should consider using a password manager tool. Password manager tools will help you in generating unique passwords. You don’t need to worry about remembering these different passwords. All you need to do is login into your password manager tool.

  1. Use 16-Character Passwords

Most people think that if they are making their password complex then attackers can’t crack it. However, this is not true. A complex but short password can be easily cracked by skilled attackers. They can use advanced brute force attacks for cracking your password.

If you want to protect your account, then you should use 16 character passwords. This will ensure that you don’t need to worry about brute force attacks. Business owners sometimes don’t ask their employees to use long passwords. They think that their employees will forget the password. Thus, your IT team will waste a lot of time. Your IT team needs to reset the passwords of your employees.

You should ask your employees to use passphrases in their passwords. This will ensure that they can easily remember the long passwords. If you forget your password, then you can use the password manager. Thus, password managers are very important for your employees.

SMBs should seriously consider using a 16-character password. This will help you in saving a lot of money. You can avoid serious data breaches if everyone is using a strong password. Thus, make sure that you are asking your employees to use strong passwords.

  1. Use Multi-Factor Authentication

Multi-factor authentication is very important for your business. It can help you in protecting your business from attackers. It is even better than two-factor authentication. Companies are now upgrading to four factors for protecting their network.

Currently, most companies are sticking with three factors. The first factor is inherence which simply means something you are. This will ensure that you are the right person. The second factor is knowledge. Knowledge simply means something that you will know. The third factor is possession. It is a thing that you have. For example, you will have your own mobile phone.

You can club voice and facial recognition as inference. Your employees can use their cameras to unlock their smartphones. Possession factors will include things like security tokens. Your employees will have access to your security tokens. The last thing is the knowledge factor which will contain secret questions.

If you are using MFA, then your employees need to spend more time logging in. However, it is better than using passwords only. It will add multiple layers of security. MFA is not uncrackable. However, it is much more secure when compared with two-factor authentication.

  1. Change your passwords regularly

Most people get attached to their passwords. They think that they have found the ideal password that they can also remember. However, you should change your passwords regularly. Make sure that you are changing your passwords if you are not using your passwords consistently.

You should change your passwords after every three months. Data breaches are very common. They will only become more common in the future. You don’t know when a data breach has occurred. If an attacker gets access to your password, then they can misuse it. You can ensure that your password is not a data breach dump by changing it regularly.

If an attacker works quickly, then it will be hard to protect your accounts. However, this practice can help you in protecting your password from data dumps. Sometimes your password can get leaked in some other data breach. It is impossible to check all the data dumps. There are some tools that you can use for scanning the web. However, still, this is a very difficult task.

You can solve this problem by changing your passwords regularly. This will ensure that no one can re-use your password from data dumps.

  1. Use Master passwords

You might be using internet browsers for storing your passwords. This will ensure that you don’t need to remember your password. Your browser will auto-fill the password for you. However, this is a very bad practice. If you are using this, then make sure that you are using a master password. Master passwords will help you in protecting your passwords. If you are not using master passwords, then anyone can steal your password from your computer. All they need to do is login into your computer. After that, they can steal all the passwords from your system.

If you are using Firefox, then you can enable this feature from Options in settings. Make sure that you are using master passwords in your browser. Now, you don’t need to worry about remembering other passwords. All you need to do is remember the master password. Firefox will ask you about the master password when you are entering passwords anywhere. Just enter your master password.

Internet browsers like Firefox also have a master password. However, not every browser has this feature. For example, currently, it is not available in Google chrome. You should look for some other alternative way to protect your stored password.

  1. Encrypt your passwords

Data encryption will help you in protecting your passwords. It will convert your passwords from plain text to ciphertext. There are various password encrypting techniques that you can use. The main techniques are:

  • Public keys: You can use public keys for encrypting your password on a broad level. However, you need private keys for decrypting the password data. You can’t decrypt your password until you have private keys.
  • Hashing: You can also convert your password into a hash. In this, the computer will take your password and convert it into a string of numbers and letters. Thus, it is impossible to understand the correct password. If an attacker gets access to your hashed password, then they need to know about the hashing algorithm that you have used. Thus, you can use it for protecting your passwords.
  • Symmetric Keys: You can use symmetric keys for encrypting and decrypting your passwords.
  • Salting: This is another encryption technique that you can use for encrypting your passwords. In this, letters and numbers will be added at the end and start of your password.

Data encryption can help you in protecting your password from attackers. This will ensure that attackers can’t get access to your password even if they get access to ciphertext. They need to first figure out the algorithm that you are using for encrypting your password. This is generally very hard to do. Thus, attackers will generally ignore your account.

  1. Make your passwords hard to decipher

Some people use their own personal password management system for storing their passwords. They don’t trust their password managers or internet browsers. Your employees might be writing down their passwords. Some business owners are worried about this as the password might be discovered if the office was ransacked. However, this is generally not possible. If someone breaks into your office, then they won’t look for a piece of paper with a password on it.

Your employees can use pen and paper for writing down their passwords. However, it is better to store your password data on your computer. This will ensure that there is some basic security. You can hide the document on your computer.

Make sure that you are encrypting your password. You can change a few words in your password and store it. This will ensure that no one can understand the file content. An attacker might get access to this file. However, it will be very difficult to understand the contents of your file. They will generally use a better method to steal your password. Thus, you can use this method to store your password without worrying about attackers.

  1. Use a password manager

Most employees generally use different passwords as they can’t remember everything. It is difficult to remember the passwords of 15 different accounts. Thus, you can’t ask your employees to remember all the passwords. You can solve this problem by using an enterprise password manager.

There are various password managers available in the market. You can use LastPass or DashLane for storing your password. These are the two most famous password managers available in the market. The best thing about these apps is that they are available on all platforms. You can use them on macOS, Windows, iOS, and Android.

You can sign up for their free plan. Most password managers are freemium. Freemium simply means that you can use the basic features for free. However, you need to pay a monthly fee if you want more protection.

Business owners should consider buying a monthly plan for their employees. This will ensure that you don’t need to worry about weak passwords. Your employees can use the password managers for generating a strong password. They don’t need to worry about remembering these passwords. All they need to do is remember the password of the password manager tool.

If you don’t have funds, then you can also stick with free tools. Free tools will also help you in generating and storing passwords. You won’t get any support from the password manager tool. However, you will still have access to other important features.

Conclusion

SMBs should focus on improving their password practices. Most data breaches actually occur due to poor password practices. If you are using the best password practices, then you don’t need to worry. It will help you in avoiding data breaches. Thus, make sure that you are using the best password practices.

However, the password is only the start of your IT security journey. If you truly want to protect your business from data breaches, then you should come up with an IT security plan for your business. This is difficult for SMBs as they don’t have access to a large IT security team. Experienced MSPs like Bleuwire can help you in solving this problem. They will help you in creating a unique IT security strategy for your business. You don’t need to worry about managing your IT security. Bleuwire will help you in implementing the best IT security controls. They will help you in training your employees. This will ensure that your employees know about the best IT security practices. If you need more information regarding IT security strategy, then you can contact Bleuwire.

Contact us today to learn about Bleuwire™  services and solutions in how we can help your business.