
Best Practices for Password Security

Despite widespread awareness of cybersecurity threats, the most common password in 2024 is still “123456.” This simple fact underscores the ongoing challenges in enforcing strong password practices. This is a serious problem, given that almost half of people in the US have had their passwords stolen in the past year. This article will look at password security best practices you can put into play today to help protect your business from cyberattacks originating from stolen or compromised passwords. 

Use Strong, Unique Passwords

Password strength increases with length and complexity. Always use the maximum number of characters allowed, incorporating a mix of letters, numbers, and special characters.

The more complex a password is, the more secure it is. Use every character class available and arrange the characters in a random order. Not all applications allow spaces in passwords, but use them where possible, along with special characters, numbers, upper-case letters, and lower-case letters.

Many applications force strong passwords by requiring a minimum number of characters and a mix of character types. And many people take the time to create and memorize a strong password. However, they then use that password for multiple applications. 

This increases the risk they’ll fall victim to credential-stuffing attacks, where hackers use log-in credentials exposed in one data breach to break into other applications. For instance, if malicious actors steal usernames and passwords during a healthcare breach, they can reuse them to access bank account information. 

While creating a different strong password for every application can be a hassle, it’s the most secure practice. Make it easier to remember with the following process: 

  • Create a funny or exciting phrase that’s at least ten words long.
  • Turn the phrase into an acronym.
  • Replace two letters of the abbreviation with numbers. 
  • Capitalize two letters. 
  • Replace one remaining lowercase letter with a symbol. 
  • Keep the original phrase to help you remember the password. 

Here’s an example following all the password security practices above. “My imaginary friend thinks you have some serious psychological issues” can turn into mIFty#s3p1.

Don’t Share a Password

Encourage your team to treat their passwords with the same level of security as their financial PINs—never share them. It may seem harmless to share a password with a coworker, especially if they need it for something helpful. However, once someone shares a password, they have no control over how the other person will use it. They also can’t stop the person they shared it with from sharing it with others. That person may write it down to remember it, and a bad actor may steal it.

If people use the same login credentials for other applications, they’re basically handing over the keys to their entire digital lives. They can’t be sure how secure someone else’s devices are or whether they will recognize threats like phishing scams.

People often use dates or names that are meaningful to them to help them remember their passwords. This is a terrible idea because it makes it easy for someone to guess their password. Suppose someone regularly posts social media pictures of their beloved dog, “Sailor,” and their personal information is publicly available. In that case, it’s not a stretch to guess their password might be some combination of Sailor and the numerals on their birthday. 

Allow Multi-factor Authentication Whenever Possible

As developers become more proactive about cybersecurity, they increasingly include multi-factor authentication options for logins. Multi-factor authentication (MFA), most commonly encountered as two-factor authentication (2FA), is more secure than a user ID and password alone because it adds an independent layer of security. Even if a hacker guesses a password, they can’t access the account without completing a second form of authentication.

MFA factors fall into three main categories:

  • Knowledge, such as answers to security questions 
  • Possession, such as a badge or a device 
  • Inherence, such as a thumbprint or faceprint 

MFA does provide additional friction, which is why some people resist it. It’s worth noting that if it’s more difficult for the user to access their application, it will also be more difficult for a hacker. 

Change Passwords Regularly

The longer someone uses a password, the more likely it will be part of a breach. Regularly changing passwords will reduce the possibility of hackers using a compromised password to access an account. People should change their passwords in the following situations: 

  • A breach exposes a password. 
  • They suspect unauthorized access.
  • They discover malware or phishing software on their device.
  • They sever a relationship with someone who shares their account.
  • They log in on public Wi-Fi. 
  • They’re using an account that’s been inactive for a while. 

Monitor for Breaches 

All businesses must notify customers of a data breach, although the methods vary by state. Companies may send notifications via mail or email or post a notice on their website. People can also use password-monitoring software to receive a notification if a password is involved in a breach or check their passwords through Have I Been Pwned.
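Have I Been Pwned exposes its breached-password corpus through a k-anonymity range API: the client sends only the first five hex characters of the password’s SHA-1 and matches the returned suffixes locally, so the password itself never leaves the machine. The following is an added example, not code from the article or from Kiuwan, that implements that client-side check; the range response is a constructed sample (the first suffix is the real SHA-1 tail of “password”, the other entries are filler), and only `fetch_range` talks to the network.

```python
import hashlib
import urllib.request


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """HIBP keys its corpus by upper-case SHA-1; only the 5-char prefix is sent."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines (CRLF-delimited) into a suffix -> breach-count map.
    Entries with a count of 0 are padding the service may add and match nothing."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, range_body: str) -> int:
    """How many times the password appears in known breaches; 0 means not found."""
    _, suffix = sha1_prefix_suffix(password)
    return parse_range_response(range_body).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Live lookup (not exercised offline): sends only the hash prefix to HIBP."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "password-check-example"},  # HIBP requires a UA
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed sample of a range response for prefix 5BAA6 (prefix of SHA-1("password")).
SAMPLE_RANGE_5BAA6 = (
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:10434004\r\n"
    "00000000000000000000000000000000001:3\r\n"
    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0\r\n"
)

if __name__ == "__main__":
    for candidate in ("password", "mIFty#s3p1"):
        print(candidate, "->", breach_count(candidate, SAMPLE_RANGE_5BAA6))
```

Against the live service, replace the sample with `fetch_range(prefix)` for the password’s own prefix; a non-zero count is grounds to reject the password at registration or force a change.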

If you discover that a password has been compromised, follow these steps immediately to restore security:

  • Change the password on the compromised account.
  • Change the password on any other accounts that use it. 
  • Change any variations of the password.
  • Monitor all financial statements for suspicious activity.
  • Set up alert notifications with the major credit bureaus. 

Build Secure Applications From the Ground Up

Application security starts with secure code. Kiuwan’s end-to-end application security platform is the ultimate code security tool. We provide a combination of static application security testing (SAST), software composition analysis (SCA), and quality assurance (QA) tools that empower developers to build resilient applications in any environment.

Development teams integrate security from the very beginning of development, addressing vulnerabilities beyond just password protection. Secure your applications from the inside out. Kiuwan’s platform helps you identify and fix security flaws early in the development process, reducing risks and saving time. Request a free demo to see how Kiuwan can safeguard your code.

© 2024 Kiuwan. All Rights Reserved.