Passwords 101: Use Protection!
Posted 24 Oct at 6:12 pm in Security
Passwords are the technological locks to sensitive patient information like full names, dates of birth, current addresses, phone numbers and medical records. Because of their ties to patients’ delicate information, your passwords should always be HIPAA compliant. You may think you know what makes for a secure password, but the truth could surprise you.
The National Institute of Standards and Technology, the people who set scientific standards like the exact length of an inch and the specific recipe for standard peanut butter, has also set the standard for secure passwords. And, out of everyone, NIST should know these kinds of details: they’ve created specs that even the US government abides by. Their knowledge on this particular topic is second-to-none. We’ve incorporated their know-how into our professional practices, which include:
Try to aim for 12-13 characters.
Each character adds an extra layer of security, making it harder and harder for passwords to be discovered by brute-force programs. We believe a resilient password contains both letters and other characters, like numbers or punctuation, to ensure that it isn’t easily crackable.
Jumble characters around.
‘Password1’ is a terrible password, and nobody should use it. Ever. But putting the ‘1’ halfway through instead of at the end is one way to make the password a little more cryptic. Think about placing numerical characters between the letters or words in your passwords, so they don’t follow the predictable word-then-digit pattern that guessing tools try first.
Use a long, but memorable password.
Our own research has uncovered that extremely long and complicated passwords sometimes create more problems than solutions. If an employee writes down their password on a post-it and sticks it to their monitor or laptop screen, their password is exposed for everybody to see. This is a security breach, plain and simple. We highly suggest using a sturdy but memorable password instead of a randomized, generated one that will be forgotten or written down.
Change your approach of reviewing security.
NIST also recommends changing strong passwords less frequently and scheduling regular administrative reviews instead of forcing password changes on a routine basis. Every quarter, hold reviews to ensure users aren’t accessing files they shouldn’t be, and that accounts aren’t doing strange or suspicious things on the network. Not only is this method highly practical, but it works wonders when it comes to security, too.
Even though passwords are extremely important, they’re just one piece of the puzzle to consider when it comes to online security. Our professional services team can help you develop strong password practices; contact us today.