The passwords They are the basis of digital life because they allow their users to protect both personal and business information and act against cybercrime. It is important to focus on managing secure passwords to avoid serious consequences in the medium and long term.
Well, all the information that exists in a company, both internal and external, is crucial; without data there is no intelligence or prediction of the future.
According to Oracle, the innovation of a new business model can be measured by the modern and disruptive way in which data is used. And in that order, people need to redefine how information is handled.
David Uribe, Head of Technological Transformation of Oracle Colombia, suggests: 7 practices for the proper handling of passwords.
1. Use a password manager and autonomous technologies
It is difficult to remember different passwords in all the places where we have accounts. Hence the importance of having a password manager. Undoubtedly, it is a much safer option than having the passwords written down in a notepad, a document in the cloud or a paper.
In this note of TechMarkup includes a list of some password managers that may be useful.
2. Each password must be unique
A good technology administrator stores passwords encrypted, ensures that each password is unique and difficult to guess, tightly controls access rights for each user, and enforces company security policies at the password level.
To find out how strong each password is, Google has Password Verification: a new functionality that with just one click allows you to know if a password is weak, if it is repeated on several sites or if it was exposed.
3. Change a password and encryption keys regularly
Changing passwords and encryption keys regularly is essential to minimize the impact of a potential password breach.
4. Use hardware for key management
exist HSMs (Hardware Security Modules), What are they devices that allow the generation, storage and protection of encryption keys.
These devices not only speed up the encryption process, But they can’t be manipulated either. allowing keys to reside in one place and not be replicated across different systems and locations.
5. Integrate the use of keys and passwords with access control and auditing
It is important to control access to passwords and keys not only at the user level but also at the user level. application.
In addition, all use that a user or application assigns to a password or key must be registered to maintain the highest security standards.
6. Consolidate a safety culture
Organizations must consider the creation and implementation of a safety culture.
There must be a strategy that allows mitigating the risk and that is constantly reviewed. This means an investment that hopefully will generate great results, since a cyber attack it can bring not only star reputational consequences, but also extremely costly.
Among these practices one of the simplest, but most important is constant updating of verification systems. For example, it is important that passwords expire and are changing periodically.
7. Employ multiple levels of authentication
A good registration is fundamental, intelligent digital security implies that no single form of identity verification is used.
Additional levels of integrity such as Biometric registrations, strength questions and dynamic keys are essential for strength. A good rule of thumb is that the more secure information needs to be, the more security levels should protect it.