Passwords are essential for computer and payment data security. But to be effective, they must be strong and updated regularly. Weak and vendor default passwords are a frequent source of SMB breaches.
What makes a strong password? Not “password” or “123456”. Criminals try these easily guessed passwords because they’re used by half of all people. A strong password has seven or more characters and a combination of upper and lower case letters, numbers and symbols (like !@#$&*). A phrase can also be a strong password (and may be easier to remember), like “B1gMac&frieS” (see this infographic for quick tips).
Out of the box, computer equipment and software (including payment terminals) often come with default or preset passwords such as “password” or “admin”, which are commonly known by criminals. To minimize the risk of being breached, businesses should change these default passwords to strong ones, update them every three months and never share them. Each employee should have their own login ID and password.
Need help? Businesses can ask their vendors and service providers to identify default passwords and change them. Additionally, the PCI Qualified Integrators and Resellers list is a resource merchants can use to find companies and individuals that have been trained by PCI SSC on strong passwords and other payment data security essentials.