Password complexity gains increasing importance each year. Yet I.T. administrators are finding that employees grow more frustrated with each new password rule that I.T. hands down.
Password Complexity: What’s the Problem?
It’s important to get password complexity right the first time, but because many companies existed long before passwords were necessary, many organizations don’t have strong password complexity policies.
Another area of concern is using outside products, like file sharing services. Their password complexity policies should be customizable to your needs. That means the products your employees use should match your internal password policies — but many products don’t let you customize your options.
Adding new password complexity rules often backfires as well. In fact, insisting on more special characters might not help at all. When John Doe, your marketing expert, adds an exclamation point to the end of his password, does that make it more secure? Do you think that brute force hackers haven’t caught on to that yet?
So how do we manage to create more security through password complexity rules and policies? Here are a few suggestions.
Password Complexity: Reset User Passwords
Instead of just telling your employees to add a special character to their password, educate your employees on why password complexity is important and start from a clean slate by resetting every employee password. Give them some warning, though: don’t just spring this on them, and be ready for some troubleshooting.
Reset your employee passwords across the board — for network assets, your email and for outside products. Insist your employees do it on their cloud products as well if you can’t control that.
Better yet, I.T. should be able to monitor all file storage solutions and set the password complexity policies for all your users. If you can’t do that with your existing file sharing solution, or if your employees run their own accounts (like Dropbox for Business), you might want to consider a more secure tool like SmartFile, especially if you need to be PCI or HIPAA compliant.
Password Complexity: Increase the Length
Set the minimum number of characters to 8 or more. There is some interesting evidence suggesting that password length might be more important than non-alphanumeric characters. Whether you believe that or not, set the minimum number of characters to at least 8 and you will quickly cut out a lot of poorly created passwords.
Password Complexity: Mix the Case and Special Characters
Ask your employees to build new, complex passwords that are easy to remember but hard to break. Give them some guidelines and examples.
For instance, tell them to use the nickname or mascot for their favorite school, all lowercase. Then they add the first 3 letters of something that’s important to them, capitalizing either the first letter or all the letters. Next, they should insert a special character. I like the money symbol here, followed by a number, which creates a dollar amount.
- I’m a University of Notre Dame Fan
- I’m Originally from Chicago
- My First Paycheck was Worth 497 Dollars
I could use: irishCHI$497
By teaching employees how to build a complex password, we give them the tools they need for success. While it’s not guaranteed to stop brute force hackers, it definitely is safer than Abcd123! or something like that!
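The rules above (minimum length of 8, mixed case, a special character) can be checked in a few lines. This is an added example, not SmartFile's code: the function names, the 94-symbol printable ASCII alphabet and the third sample password are assumptions. It also flags the "exclamation point on the end" habit and compares search space for longer passwords against a wider character set.

```python
import math
import string

MIN_LENGTH = 8  # minimum from the article; raise it to match your own policy

def policy_violations(password, min_length=MIN_LENGTH):
    """Return the list of rules from the article that the password breaks."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems

def trailing_symbol_only(password):
    """True when the only special character is a single one tacked on the end."""
    specials = [i for i, c in enumerate(password) if c in string.punctuation]
    return specials == [len(password) - 1]

def keyspace_bits(length, alphabet_size):
    """log2 of alphabet_size**length: the search space for a random password.
    An upper bound only; human-chosen passwords are far more predictable."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    # First two samples are from the article; the third is constructed.
    for pw in ("Abcd123!", "irishCHI$497", "password"):
        print(pw, policy_violations(pw), trailing_symbol_only(pw))
    # Length versus character set: 8 characters drawn from all 94 printable
    # symbols against 12 characters drawn from lowercase letters alone.
    print(round(keyspace_bits(8, 94), 1), round(keyspace_bits(12, 26), 1))
```

Abcd123! satisfies every rule yet is caught by the trailing-symbol check, which is why a rule checker alone is not evidence of a strong password.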
Password Complexity: Identifying Password Protected File Sharing Companies
As an IT administrator, you need to find secure file sharing companies with password complexity rules that match your organization’s policies. Again, this is important if you want to ensure you’re compliant with HIPAA or PCI regulations.
SmartFile offers a customizable set of password complexity rules:
Unlike other companies that care more about just file sharing, we care about secure file sharing at SmartFile. If you’re interested in seeing if our password controls are robust enough for your organization, start a free trial!