The best building control and security systems can be defeated by something very simple: insecure passwords.
Easily compromised passwords expose vulnerabilities and make it possible for disgruntled former employees, hackers or other bad actors to wreak havoc.
Each year, SplashData releases its list of the worst passwords. The list is culled from passwords revealed by hacking attacks from that year. It’s hard to believe, but passwords such as “123456” and “qwerty” and even “password” still make the list, despite perennial warnings that these passwords are not secure.
Why do businesses spend thousands on sophisticated security and building control systems, only to leave them open to easy attacks? It’s a bit like installing a very fancy lock on your front door, and leaving the key in place.
Here are a few dos and don’ts for creating and maintaining more secure passwords:
Don’t use familiar terms
Names, significant dates and other personal details make it possible for hackers to guess. Especially as our lives are lived more and more online, and hackers become more and more sophisticated, it becomes fairly easy to discover your favorite team is UK and your favorite color is blue and your mother’s maiden name is Smith. Using any of those terms in a password is risky. Instead, use nonsense, unrelated terms. Be sure to mix capital letters in, as well as a digit or a symbol. You might even consider using an automated random password generator.
Don’t share passwords between accounts and systems. Sharing passwords between accounts and systems is a huge temptation, and almost everyone does it. But it makes it extremely easy for hackers to take over not just one account, but an entire identity.
Do change passwords regularly
Change passwords regularly, but not too frequently. Change passwords any time your business has a personnel change. When you have turnover, change any password used by that person at any time.
Encourage all personnel to change passwords annually. Any more frequently will likely result in compliance challenges.