Go personal, resistant and unique
These are the best practices when it comes to choosing passwords for your business:
- Personal, do not share it. Do not pass it on to anybody, write it down or save it somewhere that is easy for other people to access.
- Resistant, it must not be easily guessable. Avoid using consecutive numbers and letters (12345, abc123), personal information (names of relatives, pets, addresses), significant dates (birthdays, anniversaries), etc.
- Unique, do not use the same password for different websites, accounts or devices.
Change predetermined passwords.
- Many devices and accounts come with predetermined passwords. In most cases, you are asked to change them the first time you log on, but this is not always the case, so you must make sure that you do change them. Predetermined passwords can often be found in product documentation and can easily be found online, meaning they are not secure.
- Use a password consisting of 3 or more consecutive words (passphrases), as they are easy to remember and more difficult to crack. Remember, the longer the password, the better.
- MFA adds an additional layer of security to accounts and devices, by asking for an additional element of information, such as a code sent to your mobile phone, your fingerprint or facial recognition.
- Even if your password is compromised, having MFA means that nobody can access your account or device.
- If your business offers online services or the option of creating an account on your website, try offering MFA to your customers and users to offer them this additional peace of mind.