All businesses have a responsibility to ensure that any user accounts, whether created by internal staff or external users, comply with minimum levels of security. Typically, the minimum length is 12 characters for a standard password, or 8 when using a secondary form of authentication (e.g. a text message).
However, even where a user does specify a password that meets the criteria, it’s also vital that this isn’t a “popular” or “leaked” password.
How do you check whether a password is contained within a leak from one of 638 hacking events that resulted in 115,518 published databases featuring some 11,991,408,974 addresses?
To meet this challenge, all Codeframe clients benefit from instant, real-time checks for all users (whether registering or resetting their password).
For your convenience, and as a demonstration of what we mean, we include a form of our password validation tool here for you. Try a password and we’ll check whether it forms part of a list of “generic” passwords that are not advisable to use, or part of a list of billions of passwords that have been historically hacked and published. (If your password fails this test, we strongly suggest you change it wherever you use it.)
Is this really important?
It absolutely is. For many businesses, Cyber protection is becoming a more pressing concern. Insurers are demanding that an increasing amount of time and energy is spent on ensuring that businesses comply, often using the Cyber Essentials programme as a basis.
Also, organisations are becoming acutely aware that a Cyber Incident could inflict reputational damage which may take too much to recover from.
The problem businesses face is that, very quickly, adhering to the principles of safe-Cyber becomes complicated. Codeframe's own development practices comply with all the principles of Cyber security that your business requires, such as firewalls and encryption, as well as this Password Check tool. We also, by default, provide other items which we believe should be part of good Cyber principles, such as automated, daily, offsite backup and a regular programme of test restores to ensure the process works when required.