Create strong passwords that protect your practice
Weak passwords are the easiest way for cyber attackers to penetrate your clinic network. Widely available online resources, such as lists of the most used passwords and even the dictionary, aid hackers in their attempts to steal precious patient information. Much of the old wisdom we were taught about passwords in years past doesn’t hold up against modern hacker tools and tricks. These password tips will help you lock down your clinic with strong passwords.
- The longer the better. A study by the US National Institute of Standards and Technology (NIST) recommends passwords of up to 64 characters, including spaces, made up of words. In one test a complex password, “Tr0ub4dor&3”, took only 3 days to guess, while a long passphrase, “correct horse battery staple”, would have taken 550 years to crack.
- Train staff to avoid common passwords like Password, 123456, or qwerty. People may think they’re being clever and that hackers will skip the popular options, but hackers aren’t usually in that much of a hurry. For a list of common passwords (so you know which ones to avoid), check out this article on the most commonly used passwords of 2017.
- Don’t use single dictionary words; use nonsense phrases of words strung together. In a dictionary attack, cyber attackers set up a computer that tries every word and combination of words in the dictionary. This type of attack used to take a long time, but with advancements in computing power it’s getting much faster to run through every conceivable word combination to crack your password. Words are best used if they are misspelled or numbers are substituted for certain letters (such as 3 for E).
- Changing passwords frequently is less secure. When you have to change your password all the time, you tend to pick ones that are easier to remember, reuse previous ones, or write them down.
- No sharing. One major reason passwords are required for compliance is that you can track who accessed which information when. If passwords and logins are shared between employees, that task becomes impossible.
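
As an added example (not part of the original article), the length, common-password and dictionary-word tips above can be enforced at the moment a staff member chooses a new password. The word lists are small constructed samples, and the 8-character minimum, the suffix stripping and the function name are assumptions of this example.

```python
import unicodedata

# Constructed sample lists. A real deployment would load a full list of
# common or breached passwords and a full dictionary instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty"}  # the examples named above
DICTIONARY_WORDS = {"correct", "horse", "battery", "staple", "clinic", "doctor"}

MIN_LENGTH = 8   # assumption: the article gives no minimum length
MAX_LENGTH = 64  # the upper length the article cites from NIST

# Digits and punctuation people commonly tack onto a weak base word.
SUFFIX_CHARS = "0123456789!@#$%?.*-_ "


def screen_password(candidate):
    """Return the reasons to reject `candidate`; an empty list means accept."""
    # Normalise so visually identical Unicode strings compare equal,
    # and casefold so "Password" and "PASSWORD" hit the same list entry.
    text = unicodedata.normalize("NFKC", candidate)
    folded = text.casefold()
    # "Password2017!" is still "password" to an attacker's rule set.
    stem = folded.rstrip(SUFFIX_CHARS)
    problems = []

    # Length is counted in characters and spaces count, so passphrases pass.
    if len(text) < MIN_LENGTH:
        problems.append("too short")
    if len(text) > MAX_LENGTH:
        problems.append("too long")

    if folded in COMMON_PASSWORDS or stem in COMMON_PASSWORDS:
        problems.append("common password")

    # A lone dictionary word is exactly what a dictionary attack tries first.
    if stem in DICTIONARY_WORDS:
        problems.append("single dictionary word")

    return problems


if __name__ == "__main__":
    for pw in ("correct horse battery staple", "Password2017!", "qwerty", "battery!"):
        print(repr(pw), "->", screen_password(pw) or "accepted")
```
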