Creating Strong Passwords to Protect Your Community Bank

Creating strong and secure passwords is a daily challenge for nearly everyone. The average person uses ten online accounts a day that require logins, has 26 online accounts and 17 different “private passwords.” In addition, they have approximately nine work accounts that require passwords. That’s a lot of passwords to keep secure! It’s even more important for community bank employees to ensure their accounts are protected; if they are hacked, the bank’s network and databases are at risk. There are several techniques you can follow to keep your passwords and your community bank’s systems and data secure.

Using Pass Phrases as the Password

A common technique is to use a “Pass Phrase.” This involves using a phrase or sentence that means something to you to create a complex password. To make it a little easier, you can simplify the phrase to just the first letter of each word. For example, “My son is 8 years older than my daughter” could be used to create “Msi8yotmd”. Adding a special character to form “Msi8yotmd!” strengthens the password by including all 4 possible character types: uppercase letter, lowercase letter, number, and symbol.

There are other similar methods that require a little more creativity. The user thinks of a word that means something to him or her and jumbles it up to create a completely random password. Spell it backwards, add numbers, replace some of the characters and voila, you have a strong password. “Liberty2” could become “2ytr3b1L”. This example substitutes the number 1 for “i” and 3 for “e”.

It’s also acceptable to use a word like Liberty and put a number in after each letter: “L3i8b6e2r5t7y0”. The number could be a phone number or anything the user can easily associate with something familiar to them.

Pass phrases can also be used literally. The user simply thinks of a phrase up to 28 characters in length, including the spaces. A good one might be “I love the outdoors!” Notice this password includes an “!” at the end. Therefore, it meets the complexity requirements to include 3 of the 4 possible character sets. Also, it includes the spaces, so the user can type normally when entering the password, as if typing a sentence in a Word document.

Now you are probably thinking, “Hey, doesn’t that break the cardinal rule of NOT USING WORDS in a password?” Yes, but only if the password is too short like “Iamgood!” The minimum password length should be increased in environments where users choose to use pass phrases.

Employing 14-28 character passwords that also meet the password complexity requirement makes them much harder to guess using today’s common tools. While this may sound difficult, it’s actually easier in practice. Users only need to get accustomed to using a pass phrase, which is much easier to remember and type than a random eight character password.

Pass Phrases Should Have a Minimum Length of 14 Characters

The domain or network password settings should be updated to require passwords of at least 14 characters. In addition, employees need to be educated on using pass phrases. It’s much more realistic to expect users to create a long pass phrase than it is to rely on them to create a completely random eight character one each time.
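The length and complexity rules described above can be written as a small checker and run against this article's own example passwords. This is an added example, not part of the original article; the function names are hypothetical, and it assumes a space does not count as a symbol, matching the article's count of three character sets for “I love the outdoors!”.

```python
MIN_LENGTH = 14        # minimum length the article recommends
REQUIRED_CLASSES = 3   # "3 of the 4 possible character sets"


def character_classes(password):
    """Return the character types present in the password."""
    found = set()
    for ch in password:
        if ch.isupper():
            found.add("uppercase")
        elif ch.islower():
            found.add("lowercase")
        elif ch.isdigit():
            found.add("number")
        elif not ch.isspace():   # assumption: a space is not a symbol
            found.add("symbol")
    return found


def check_passphrase(password):
    """Return a list of policy problems; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"too short ({len(password)} of {MIN_LENGTH} characters)")
    classes = character_classes(password)
    if len(classes) < REQUIRED_CLASSES:
        problems.append(f"only {len(classes)} of 4 character types")
    return problems


def initials_from_sentence(sentence):
    """Build the first-letter password the article describes."""
    return "".join(word[0] for word in sentence.split())


if __name__ == "__main__":
    # Sample inputs are the article's own examples.
    short = initials_from_sentence("My son is 8 years older than my daughter") + "!"
    for candidate in (short, "2ytr3b1L", "Iamgood!", "L3i8b6e2r5t7y0",
                      "I love the outdoors!"):
        problems = check_passphrase(candidate)
        print(f"{candidate!r}: {'OK' if not problems else '; '.join(problems)}")
```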

With local network access, most eight character passwords can be quickly discovered using widely available tools. While using a random (no words) eight character password with all four character types prevents elementary dictionary cracks, it does not prevent the more sophisticated methods; it merely slows them down somewhat. These methods are widely used by third party auditing firms during network audits or testing.

It Is Important to Properly Store Passwords

It is never acceptable to keep passwords written down! While it is important to ensure passwords are created correctly, it is also important to make sure they are stored correctly. They should never be written down in a location that is easily accessible or left sitting out where anyone can find them. Also, don’t store your passwords with your computer at work or while you are traveling. Do not store your encryption and domain password on a piece of paper in your laptop bag; this leads to potential breaches when the bag and computer are stolen.

Follow these practices and, the next time your network is audited, you won’t receive a list of all your users and their passwords from a slyly smiling auditor. At a minimum, use 14 characters on your administrator accounts to keep them safe. As a best practice, ensuring the security of bank employees’ accounts and passwords should become a routine task.

