Blog - Password Best Practices | ACM

Password Best Practices

Managing personal passwords is important because they are the key to almost all of your personal information, such as banking, personal mail, work-related documents and mail communications, pictures and videos. Although some passwords are used almost every day, it is a pain to remember too many of them, and we are always afraid of forgetting or losing them. Here are some easy tips you can follow for better password management.

1. Using passphrases or complex passwords

- Use a passphrase instead of a password. This technique makes your password easier to remember and harder to hack (e.g. "Mypasswordislongerthan8" instead of "P@s$w0rd").
- Some password systems require a complex combination, which is good. A strong password consists of at least 10 characters and includes a combination of uppercase and lowercase letters, numbers & symbols (e.g. "My@ccount123").

Extra tip: Having a unique password for every account or credential is very tedious to manage and remember. Instead, users can choose to set the same password for accounts of a similar IMPORTANCE level:
- High importance: Email, SingPass, DBS Online
- Medium importance: Computer, Dropbox
- Low importance: Netflix, Spotify, Lazada

2. Enabling multi-factor authentication

- MFA (multi-factor authentication), which some call 2FA (2-factor authentication), is now widely used or enforced in password systems. This security feature helps protect your account in addition to traditional passwords.
- Users will be prompted to confirm their login via a mobile authenticator app, or will receive an SMS notification with a one-time password (OTP), to verify access or make purchases.

3. Store your password safely

- Users have a responsibility to protect their own credentials. Credentials must be kept confidential to help prevent unauthorized access and disclosure of sensitive information under a user's care.

- A traditional / foolproof way is NOT to store your password digitally. Write it down on a piece of paper or in a personal notebook, or keep it in a safe box. Should you lose the physically stored password, you are advised to perform a PASSWORD RESET immediately.

Therefore, user awareness is extremely important when it comes to cyber security. You want your staff to be able to recognize phishing scam mails (reference: HERE) and understand how to craft a good password.

Since most hacking attempts target corporates and employees, it is essential to train them on how to recognize potential attacks and how to secure their credentials and confidential information.

If you require any assistance or 2FA for business, contact us today either via our hotline at 6295 5962 or email us at info@achievement.com.sg.