Passwords are a perennial security topic. They are half of the combination that unlocks everything from our gadgets and social media to our bank accounts. Why do we resist longer, more complex passwords when that is the most effective way to thwart password hackers?
Many of us have corporate accounts. Some of those accounts are forced to use long, complex, non-repeating passwords. That makes us security professionals happy, but usually does not do the same for everyone else (especially our Moms). What are the reactions to multi-factor authentication (a second set of security questions, or a device on your phone or lanyard that shows a new number every minute)? Biometrics? So many of our phones and other gadgets have access to resources, and have a (ahem) handy feature to remember passwords. Yet many of us do not enable a password, or even a PIN, to access those devices.
Several years ago, I heard someone say “Passwords are like toothbrushes. Never share them and change them every few months.” How old is your toothbrush? Your passwords? (I won’t ask if you’ve shared either.) How good is your cybersecurity hygiene? Sadly, more than half of security pros rarely change their social network passwords. 20 percent have never changed them. In other news, social media passwords provide an easy route into corporate networks. This ‘security fatigue’ is likely more prevalent in security pros. We are not leading by example.
There’s an app for that! Instead of downloading the latest angry candy game, why not fetch a password app? Several good apps exist to store and manage passwords. Many of those are free. I recently moved my passwords into a new app. My previous one was 20 years old and contained 583 records. It feels refreshing to have my passwords protected by updated encryption. Like that fresh feeling after brushing my teeth. Of course, password apps are not the silver bullet to password issues. They have their own challenges – such as being targets for hacking (there are no known exploits, but that can change in five minutes) or, with some password apps, the ability to access your passwords from every device you use.
Choosing better passwords may be more practical for most of us. Weak passwords sacrifice security for convenience. Passwords that are longer, more complex, not re-used across multiple sites EVER, and of course, changed periodically, are a foundation of security. Enabling multi-factor authentication when available is always recommended.
In honor of World Password Day, which is tomorrow, May 4th, let’s all join forces and take the time to freshen our passwords. It will make the world a safer place.
Published by: Jon Lee, Security Director, GuideIT