7 tips to strengthen users’ password security
Healthcare organizations should encourage staff to avoid common mistakes to ensure network security.
How to better ensure that passwords can't be easily solved
For most healthcare organizations, the front line of security remains the passwords associated with user names. Especially when users are forced to change their codes on a regular basis, there’s a risk that they’ll opt for something common and easy to remember. Unfortunately, weak passwords can be easily cracked by hackers, opening a healthcare organization up to potential hacking and breaches. Provider organizations seeking to improve security practices can begin by making staff aware of the most common mistakes users make, on the job and in their daily lives, when creating these important access codes.
Avast, a cloud-based security firm with technology to fight cyber attacks in real-time, offers guidance on best practices for password security.
Avoid the most common and obvious passwords
It may be obvious, but there are still users who pick the word “password” as their password. The company 4iQ, which monitors identity-theft threats on the dark web, recently discovered a compilation of leaked email/password combinations (over 1.4 billion of them) and reported on the most common passwords. Here are the Top Ten—123456, 123456789, qwerty, 111111, password, 12345678, abc123, 1234567, Password1 and 123123. These are the ones hackers try first. If a healthcare organization’s users employ any of these passwords, they should be advised to change them immediately.
Don’t use the most common substitutions
Changing password to p@ssword or passw0rd isn’t going to fool today’s cybercriminal. Security experts don’t recommend using any common word with just a single number or symbol substituted for a letter.
Avoid common paths on your keyboard
We’ve already covered passwords like 1235678 and qwerty, but using other keyboard paths really isn’t any better, even if they look more complex. Check out 1qazxsw2 on your keyboard. It may look more complex and random, but it’s still an identifiable path. There are actually password dictionaries on the dark web that list out these common paths, which means a cybercriminal will always try them first.
Don’t use the same password for multiple services or accounts
Users should diversify so that if someone gets one password, all the rest are not compromised. Don’t forget about linked accounts, either. If someone is using Google or Facebook credentials to sign in to other services, then all of them will be vulnerable if a single one gets hacked.
Encourage longer passwords
Longer passwords will be tougher to crack, especially if the user mixes upper and lowercase letters and incorporates some numbers and symbols. Even a bunch of random words linked together—like PoloHorseFlagCanada—is a more challenging password.
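As an added illustration (not part of the original article or of Avast's guidance), the Python sketch below shows how a password-change form could screen new passwords for the mistakes described so far: the top-ten list, single-character substitutions, keyboard paths and short length. The substitution map, the 12-character minimum and the rectangular keyboard grid are assumptions made for this example.

```python
# Added example: screen a candidate password at set/change time.
# TOP_TEN is the list quoted in the article; everything else is assumed.
TOP_TEN = {"123456", "123456789", "qwerty", "111111", "password",
           "12345678", "abc123", "1234567", "Password1", "123123"}

# Assumed map of common look-alike substitutions (not from the article).
SUBS = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

COMMON_FOLDED = {p.lower() for p in TOP_TEN}
COMMON_NORMALIZED = {p.translate(SUBS) for p in COMMON_FOLDED}

# QWERTY layout approximated as a rectangular grid (real rows are staggered).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def is_keyboard_path(pw):
    """True if every keystroke is the same key as, or a neighbour of, the last."""
    pw = pw.lower()
    if len(pw) < 4 or any(ch not in POS for ch in pw):
        return False
    return all(
        max(abs(POS[a][0] - POS[b][0]), abs(POS[a][1] - POS[b][1])) <= 1
        for a, b in zip(pw, pw[1:])
    )


def screen(pw, min_length=12):
    """Return the list of problems found; an empty list means none detected."""
    problems = []
    if len(pw) < min_length:  # assumed policy value, not from the article
        problems.append("too_short")
    folded = pw.lower()
    if folded in COMMON_FOLDED:
        problems.append("common_password")
    elif folded.translate(SUBS) in COMMON_NORMALIZED:
        # e.g. p@ssword and passw0rd both normalize to "password"
        problems.append("common_substitution")
    if is_keyboard_path(folded):
        problems.append("keyboard_path")
    return problems


if __name__ == "__main__":
    for candidate in ["p@ssword", "1qazxsw2", "PoloHorseFlagCanada"]:
        print(candidate, screen(candidate))
```

An empty result only means none of these specific patterns matched; it does not show that the password is unique across the user's other accounts.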
Consider a password manager
Most people cannot remember all of their passwords. That’s why a password manager is a great idea. It securely stores all passwords, so all that is needed to remember is a single master password. Organizations might consider encouraging users to employ a password manager to create stronger, more secure passwords.
Use two-factor authentication as standard practice
Many online services now offer two-factor authentication, which can prevent someone from accessing an account even if they’ve figured out the password. Two-factor authentication simply means that there’s an extra step of verification beyond just inputting a username and password to access an account or password.
For instance, logging into a website from a new or unknown device may trigger the sending of a text or email verification code before being allowed into the account. Requiring outside access through a virtual private network (VPN) also is a way of adding an extra layer of protection to a log-in from beyond the four walls of a facility.
The bottom line is this: password security is critical and a little extra effort can prevent a lot of headaches down the road.