Mortgage Software Solutions Blog

Mortgage Lenders Look to MicroSecure Online Password Guidelines

Written by Steve Tschoepe | Mon, Jul 16, 2018

Barbed wire, a chain-link fence, and a camera combine to provide a high level of security.

Microsoft reports over 10 million username/password pair attacks against their users each day. As one of the largest Identity Providers (IdPs) in the world, the company is in a unique position to recommend how to best handle cyber security.

 

The Microsoft user community’s updated guidance for secure password creation has been available since May 2016. Companies in the financial sector can follow Microsoft’s guidelines for password creation to ensure superior user security with their online mortgage software.

 

Here is the most up-to-date advice for creating secure passwords. Mortgage lenders can follow these guidelines to keep online account hackers at bay.

 

IT Administrators Are Responsible for Setting Password Parameters

Though users ultimately invent the password for their account, IT administrators play a role in regulating the end level of security. The parameters that a mortgage lender’s IT team sets for users will dictate how secure the resulting user passwords are.

Microsoft suggests:

  • Maintaining an 8-character minimum length requirement
  • Banning universally common passwords
  • Educating users not to mix the usage of passwords for work and non-work accounts
  • Enforcing registration for multi-factor authentication
  • Enabling risk based multi-factor authentication challenges

In the face of data collected at Microsoft’s cloud-based directory and identity management service Azure Active Directory (MS AD) login, other long-held practices in password parameter setting have been abandoned. Microsoft no longer recommends character-composition requirements and mandatory periodic password resets for user accounts.

In fact, these outdated policies were found to increase the facility of hacking username/password pairs. For example, users prompted to create new passwords frequently often default to choosing weaker passwords or making slight variations on old passwords to guard against forgetfulness.

 

User Tips for Creating a Unique Microsoft Password

With IT parameters in place, the ultimate creation of the password is up to the user of the online account. For mortgage companies using MS AD for their cloud-based platforms, these tips can be disseminated to loan officers to encourage cyber security within the company. In the case that a hacker gains access to a loan officer’s email, these tips can prevent the attacker from taking over other accounts.

Microsoft suggests that users:

  • Avoid re-using passwords or variations on a theme for various online accounts
  • Avoid single words (e.g. “password”) and commonly-used phrases (e.g. “mynameis”)
  • Avoid personal information that can be guessed such as pet names, favorite hobbies, or numbers from your birth date

By following these guidelines for a secure password, lenders can keep online accounts safe from cyber security events. This, in turn, protects the sensitive personal data of lending customers kept in online mortgage software platforms.

Further Recommendations for Microsoft Account Security

Beyond guidance for IT administrators and users, Microsoft offers common sense recommendations to all their partners and clients.

The tech giant’s general recommendations are to keep security information up to date, turn on two-step or multi-factor authentication (MFA), be careful of suspicious emails, avoid clicking on unfamiliar links, update all work-related computer programs and operating systems, and make sure to install and use regular antivirus applications on staff computers, tablets, and mobile devices.

With its place at the leading edge of MS AD surveillance, Microsoft has a particularly good vantage point to recommend useful and lasting guidelines for evading hackers. The recommendations offered are applicable for avoiding cyber attacks on Microsoft and other accounts with online access.

 

Financial institutions can protect their staff and customers by creating secure passwords and by implementing security measures like ABT’s Email Guardian designed specifically for mortgage lenders.

Image: Pexels