Foreword
Good password habits are essential for anyone who works online regularly. Because of regulations or customer contracts, many businesses are required to follow specific password policies. Here are some of the most recent (2024) recommendations concerning passwords.
Password Best Practices
As part of good password management practice, whether at home or at work, you should adopt some or all of the ideas below.
- Do not reuse old passwords. Maintain a password history.
- Always use 2FA, where possible.
- Require long, complex passwords (12+ characters).
- Change your password whenever you are involved in a data breach.
- Use a unique password for each separate application.
- Store passwords in an encrypted format.
- Use a password manager.
- Change your passwords on a regular basis.
- Use public/private passkeys instead of passwords, where possible.
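As an added example (not part of the original article), the following Python enforces three of the rules above when a user picks a new password: the 12+ character minimum, a basic complexity requirement, and a password history that rejects reuse. The history keeps only salted PBKDF2 hashes, never plaintext, so it does not become a second copy of the secrets it protects. The history depth, iteration count and "three of four character classes" rule are assumptions for the example, not values stated on the page.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12        # the page's "12+ characters" rule
HISTORY_DEPTH = 10     # assumed depth of the reuse history (not from the page)
PBKDF2_ROUNDS = 100_000  # assumed work factor; raise in production

def hash_password(password, salt=None):
    """Return (salt, digest); only these are ever stored, never the password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest

def complexity_issues(password):
    """List the policy rules a candidate password breaks (empty list = passes)."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:  # assumed rule: at least three character classes
        issues.append("fewer than three character classes")
    return issues

class PasswordHistory:
    """Salted hashes of previous passwords, newest last, capped at HISTORY_DEPTH."""

    def __init__(self, depth=HISTORY_DEPTH):
        self.depth = depth
        self.entries = []  # list of (salt, digest)

    def was_used(self, password):
        # Re-derive with each stored salt and compare in constant time.
        for salt, digest in self.entries:
            _, candidate = hash_password(password, salt)
            if hmac.compare_digest(candidate, digest):
                return True
        return False

    def record(self, password):
        self.entries.append(hash_password(password))
        del self.entries[:-self.depth]  # drop anything older than the depth

def check_new_password(password, history):
    """Combine the complexity rules with the reuse check."""
    issues = complexity_issues(password)
    if history.was_used(password):
        issues.append("matches a previously used password")
    return issues

if __name__ == "__main__":
    hist = PasswordHistory()
    hist.record("Correct-Horse-Battery-1")
    for candidate in ("Correct-Horse-Battery-1", "short1A!", "Staple-Battery-Horse-2"):
        print(candidate, "->", check_new_password(candidate, hist) or "accepted")
```

Each entry carries its own salt, so checking a candidate means re-deriving it against every stored salt; with a deep history that cost grows linearly, which is one reason to keep the depth modest.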
Use a Password Manager
Rather than using the same password to log in to everything, use a desktop password manager. Avoid browser-based password managers. An application like KeePass lets you set a unique, strong password for each website or application.
- Use 2FA to log in to the password manager.
- Authorize specific users to only access specific vaults.
- Identify risky users and risky accounts in advance.
- Disable browser-based password managers.
- Use automatically generated strong passwords.
- Train all employees / users on how to use the password manager.
- Consider enabling PAM, if appropriate.
Reference: https://keepass.info
Conduct Regular Password Audits
Just as important as creating and maintaining passwords is conducting a routine audit of your password database. A routine audit can catch unwanted activity early and prevent undesired access from being granted. Things to look for include:
- Who has been accessing the passwords?
- Was there after hours access?
- Were there multiple sequential failed attempts in a short time frame?
- Did a user access all passwords in a short time frame?
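The four audit questions above can be answered mechanically from the password manager's access log. The Python below is an added example (not from the article or from KeePass) that runs over a constructed log in an assumed format of `timestamp user action target`, and flags after-hours reads, bursts of failed logins, and a single user reading every stored entry within a short window. The business-hours range, the five-failures-in-ten-minutes rule and the five-minute bulk-read window are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (hypothetical format: ISO time, user, action, target).
# 2024-03-04 is a Monday; bob's read is late in the evening, carol reads everything in seconds.
SAMPLE_LOG = """\
2024-03-04T09:02:11 alice LOGIN_OK -
2024-03-04T09:03:40 alice READ finance/bank
2024-03-04T22:41:05 bob LOGIN_OK -
2024-03-04T22:41:30 bob READ hr/payroll
2024-03-05T10:00:01 mallory LOGIN_FAIL -
2024-03-05T10:00:09 mallory LOGIN_FAIL -
2024-03-05T10:00:15 mallory LOGIN_FAIL -
2024-03-05T10:00:22 mallory LOGIN_FAIL -
2024-03-05T10:00:30 mallory LOGIN_FAIL -
2024-03-05T11:00:00 carol LOGIN_OK -
2024-03-05T11:00:05 carol READ finance/bank
2024-03-05T11:00:07 carol READ hr/payroll
2024-03-05T11:00:09 carol READ it/admin
2024-03-05T11:00:11 carol READ ops/vpn
"""

BUSINESS_HOURS = (8, 18)                      # assumed: 08:00-18:00, weekdays only
FAIL_THRESHOLD, FAIL_WINDOW = 5, timedelta(minutes=10)  # assumed burst rule
BULK_WINDOW = timedelta(minutes=5)            # assumed "all entries" window

def parse_log(text):
    """Turn log lines into (datetime, user, action, target) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, target = line.split(" ", 3)
        events.append((datetime.fromisoformat(ts), user, action, target))
    return events

def after_hours_access(events):
    """Reads outside business hours or on a weekend: (user, time, target)."""
    hits = []
    for ts, user, action, target in events:
        if action != "READ":
            continue
        weekend = ts.weekday() >= 5
        if weekend or not (BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1]):
            hits.append((user, ts.isoformat(), target))
    return hits

def failed_login_bursts(events):
    """Users with FAIL_THRESHOLD failed logins inside any FAIL_WINDOW span."""
    per_user = defaultdict(list)
    for ts, user, action, _ in events:
        if action == "LOGIN_FAIL":
            per_user[user].append(ts)
    flagged = []
    for user, times in per_user.items():
        times.sort()
        for i in range(len(times) - FAIL_THRESHOLD + 1):
            if times[i + FAIL_THRESHOLD - 1] - times[i] <= FAIL_WINDOW:
                flagged.append(user)
                break
    return flagged

def bulk_reads(events):
    """Users who read every distinct entry in the vault within BULK_WINDOW."""
    all_targets = {t for _, _, a, t in events if a == "READ"}
    per_user = defaultdict(list)
    for ts, user, action, target in events:
        if action == "READ":
            per_user[user].append((ts, target))
    flagged = []
    for user, reads in per_user.items():
        reads.sort()
        for i, (start, _) in enumerate(reads):
            seen = {t for ts, t in reads[i:] if ts - start <= BULK_WINDOW}
            if seen == all_targets:
                flagged.append(user)
                break
    return flagged

def audit(text):
    """Run all three checks and return the findings by category."""
    events = parse_log(text)
    return {
        "after_hours": after_hours_access(events),
        "failed_bursts": failed_login_bursts(events),
        "bulk_reads": bulk_reads(events),
    }

if __name__ == "__main__":
    for category, findings in audit(SAMPLE_LOG).items():
        print(f"{category}: {findings}")
```

The "who has been accessing the passwords" question is answered by the `per_user` grouping itself; the bulk-read check compares against the set of entries actually seen in the log, so on a real export you would substitute the vault's full entry list to avoid missing a user who read everything except one untouched entry.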