Why Do I Have to Change my Password Again?
Medical practices can be hectic environments, with everyone having seemingly one million things to do. Coming up with a new password can feel like just one more thing no one has time to do. The first thing you think of is your anniversary or your pet’s name; great—you’re done.
Wrong!
By choosing a weak password, the practice may have just been exposed to a cyberattack. Having a clear password policy that requires strong passwords is the first step in preventing cyberattacks.
A recent article published in InfoWorld reported that the underground market for compromised servers may be much larger and more active than previously believed. The publication cites websites selling login information for over 170,000 hacked servers. Password security is a fundamental element in defending your practice from cyberattacks and protecting health records, financial information, and other sensitive company data. Failure to defend against cyberthreats could easily ruin a practice (see Ransomware).
How Can We Protect Ourselves?
Couple your strong-password policy with training for everyone in the practice regarding why strong passwords matter and how to set them. Here are eight useful tips.
1. Choose easy-to-remember, hard-to-guess passwords
Passwords that are at least eight characters long with a case-sensitive mix of letters, numbers, and symbols are best. Avoid:
- Personal information (eg, birthdays, names of people or pets, or social security numbers)
- Using only letters or only numbers
- Using the same word as your login
- Using a word that can be found in any dictionary (even in a foreign language)
Watch the video below to learn an easy way to remember strong passwords.
2. Don’t reuse passwords across sites
It’s tempting to use the same password across multiple sites or programs to make it easier to remember. This is not a good practice. If a hacker discovers your company’s Facebook password, she or he might also be able to access your company’s financial information or something equally sensitive.
3. Start with a favorite phrase or quote
Take the first letter of each word in a phrase like “Keep calm and carry on,” add a numerical sequence such as 5-9, and add two random symbols to create a very complex password. The password resulting from this example would be K5c6a7c8o9&%. Phrases that are 4 words long or more create longer, more-secure passwords.
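The rules from tips 1 and 3 can be checked automatically when a password is set. The Python sketch below is an added example, not part of the original article: it builds a password the way tip 3 describes and tests any password against the tip 1 list. The function names, the 4-word minimum treated as a hard limit, and the sample login, personal terms, and word list are assumptions constructed for illustration.

```python
import secrets
import string

SYMBOLS = string.punctuation

def phrase_password(phrase, first_digit=5):
    """Tip 3: first letter of each word, a digit run woven in, two random symbols."""
    letters = [w[0] for w in phrase.split()]
    if len(letters) < 4:  # assumption: treat the article's "4 words or more" as a minimum
        raise ValueError("use a phrase of 4 words or more")
    # Capitalise only the first letter so the result mixes upper and lower case.
    letters = [letters[0].upper()] + [c.lower() for c in letters[1:]]
    body = "".join(f"{c}{(first_digit + i) % 10}" for i, c in enumerate(letters))
    # secrets (not random) so the two symbols are unpredictable.
    return body + "".join(secrets.choice(SYMBOLS) for _ in range(2))

def check_policy(password, login="", personal_terms=(), wordlist=()):
    """Return the tip 1 rules a password breaks; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = {
        "lowercase letter": any(c.islower() for c in password),
        "uppercase letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in SYMBOLS for c in password),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    if login and lowered == login.lower():
        problems.append("same as login")
    if any(t and t.lower() in lowered for t in personal_terms):
        problems.append("contains personal information")
    # Strip trailing digits and symbols so "sunshine1!" still counts as a dictionary word.
    core = lowered.rstrip(string.digits + SYMBOLS)
    if core in {w.lower() for w in wordlist}:
        problems.append("dictionary word")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real account data.
    for pw in ("K5c6a7c8o9&%", "Fluffy2015", "sunshine"):
        print(pw, check_policy(pw, "frontdesk", ["fluffy"], ["sunshine"]))
```

In practice the word list would be a full dictionary file and the personal terms would come from the staff member's own record.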
4. Do not allow web browsers (such as Chrome, Firefox, or Internet Explorer) to remember passwords
Although many browsers offer this as a convenience, it creates an open door for hackers to walk through.
5. Change passwords regularly
In the same way that changing locks on your home or office deters would-be burglars, changing your passwords helps protect against data theft. It’s best to update your credentials every 30 to 60 days.
6. Consider a password management program
A problem faced by many practices is the use of passwords across teams (eg, if everyone uses the same credentials to use a company-wide program). This can lead to weak security habits such as e-mailing passwords among team members. To combat this, choose a password management program that automates and secures credentials for systems with multiparty access.
7. Consider multifactor authentication
Enabling multifactor authentication on your password manager adds an extra layer of security by requiring identity verification before access is granted. This is typically done with a one-time passcode sent via text message or supplied by an app on your smartphone. Multifactor authentication is available on many password-protected accounts—even without a password manager.