An alert pops up on your computer: It’s time to change your password again. Sigh. Fine. You’ll just change from password4! to password5! and—
Not so fast.
Regular password changes are meant to make sure that even if someone gets your login credentials, they won’t be able to use them forever. But if you just make a tiny change or add a digit to a sequence, it’s easy for a hacker with the old password to crack the new one using a “brute force” attack.
So what’s the best way to keep your passwords strong? Here are some tips:
1. Establish a company “password refresh” policy.
No matter how big or small your business is, make sure you have a policy for setting and refreshing passwords. For example, don’t allow people to use basic dictionary words. Don’t allow identical strings of characters from previous passwords. And make every password unique—i.e., not one that somebody’s used for a different system. Educate your team about good “password hygiene” and how weak changes or reusing passwords can put both your organization and your users’ personal accounts at risk.
2. Change your passwords regularly.
How often you should change your passwords depends on how critical a system is. Passwords for accounts with administrative privileges (ones that let users make system or account changes) should be updated more often than others because unauthorized access to admin accounts can be so much more devastating. We suggest changing them every 90 days. Passwords for less critical systems can go a little longer, but should still be changed every 180 days.
But be aware: those timeframes apply if you have a password management system that automatically generates strong passwords. If you’re relying on users to choose their own passwords, you should require more frequent changes.
That said, a password management system is a great idea. It will let you set expiry dates for passwords so users are prompted to change them before they can re-access a system.
Even with auto-expiries, tell your users they don’t have to—and in some cases, shouldn’t—wait for the scheduled expiry date to change their passwords. The fresher, the better!
3. Change passwords immediately if they’re shared or breached.
While the rule should be “don’t share passwords”, if you absolutely have to share one, change it as soon as the other user is done. Even if they’re well-meaning, they could have noted it somewhere visible or stored it in an unsecured location, leaving it vulnerable to malicious players. And of course, in cases of a known or suspected breach, change any affected passwords right away.
By following those three principles—set a policy, change passwords regularly, and change any password that’s shared or breached—you’ll go a long way toward keeping your information safe.
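One way to enforce the policy rules from tip 1 at password-change time, shown as an added example rather than code from TSI Password Manager. The word list, the substitution table and the three-character threshold are assumptions, and the function names are hypothetical.

```python
import re
from difflib import SequenceMatcher

# Constructed sample list; a real deployment would load a full dictionary.
DICTIONARY = {"password", "welcome", "summer", "dragon", "monkey"}
# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("0134578@$", "oleastbas")
MAX_SHARED = 3  # assumed threshold: longest run allowed to carry over


def base_form(password):
    """Lower-case, drop trailing digits/symbols, undo substitutions."""
    stem = re.sub(r"[^a-z]+$", "", password.lower())
    return stem.translate(LEET)


def longest_shared_run(old, new):
    """Length of the longest string of characters present in both."""
    a, b = old.lower(), new.lower()
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    return matcher.find_longest_match(0, len(a), 0, len(b)).size


def check_password_change(old, new):
    """Return the list of policy violations for a proposed change.

    Runs at change time, when the user has just typed the current
    password, so no plaintext history has to be stored.
    """
    violations = []
    new_base, old_base = base_form(new), base_form(old)
    if new_base in DICTIONARY:
        violations.append("dictionary_word")
    if new_base and new_base == old_base:
        violations.append("suffix_only_change")
    elif longest_shared_run(old, new) > MAX_SHARED:
        violations.append("reuses_previous_string")
    return violations


if __name__ == "__main__":
    # Constructed sample changes.
    for old, new in [("password4!", "password5!"),
                     ("Summer2023", "BlueSummer#9"),
                     ("password4!", "vK7#qTz9!mRw2")]:
        print(old, "->", new, check_password_change(old, new))
```

The check covers the dictionary-word and repeated-string rules only; uniqueness across systems needs a password manager or similar store that can compare records.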
TSI Password Manager
TSI Password Manager makes it easy to follow this policy. It takes the indecision out of the field and enables people to stay safe. For many years Tekmar’s IT Blueprint has helped fast-changing businesses stay ahead. A stand-alone version of our Password Manager is available to help IT professionals, businesses and individuals. If you’d like to learn more about how to manage your passwords, let us know. Next time, we’ll explain how to make sure you know who has access to your systems, and why it matters.
TSI Password Manager secures your new password records as they are input to the internet browser on your computer. From there they are protected in transit by 2048-bit RSA keys, and at rest using over 300 different rounds of 256-bit symmetric encryption, with six different randomly generated keys. Your unique encryption key (organization key) is the final step in decrypting your data for viewing within the browser.
Easy as 1, 2, 3.
ORGANIZATION KEY
Two of the encryption keys used are unique to each password record, and one of the encryption keys, called the Organization key, is created and stored only on the server side. This encryption key is never stored or maintained anywhere except within the TSI Password Manager infrastructure.
PASSWORD AND PASSPHRASE TRANSMISSION
All inbound and outbound data communication traffic with the TSI Password Manager happens over TLS 1.2 using 2048-bit RSA keys to ensure the protection of your data in transit.
WEB APPLICATION FIREWALL PROXY
Unique encryption keys are retrieved from numerous sources for each password.