
Password pitfalls and how to avoid them

Your passwords probably suck. Here's an easy way to use strong passwords


If you’re ready to start improving your security (both personal and at your business), the first place to focus is passwords.

Passwords?  Really?  Not a fancy new firewall or the latest next-gen-AI-cyber platform?  No, passwords.

Weak passwords are a huge risk

Coming up with and remembering passwords is hard for most people.  When you start looking at all the rules to make good passwords and the sheer number we need, it’s not hard to understand why we suck at passwords.

We pick simple passwords.  We reuse passwords.  We write them down in books.  We share them.

In fact, SplashData releases a list of the Top WORST passwords every year.  This year’s worst includes standard favorites like 123456, password and qwerty, plus new ones like starwars and 123123.  Lame.

Consider the number of account breaches we’ve seen over the past few years, like this massive 41 gigabyte, 1.4 billion account and password database that was found on the dark web.  One of my favorite check-in sites, HaveIBeenPwned?, provides a search engine to see if your email address and password have been leaked.  They have more than 4.8 billion accounts listed.

It’s very likely one or more of your accounts has been breached at some point, and those credentials are available for sale.

Improve your security by improving your passwords

Every business should be looking for simple ways to improve security.  We should be doing the same at home.  Using good password rules works across the board to reduce your cyber risk.

Here are some simple rules for creating good passwords:

Think passphrase, not password

The password is dead.  Long live the password.  It’s hard to come up with an 8+ character word that meets all the other rules of good passwords.  So switch to passphrases instead.  With a phrase it’s easy to have a 12+ character “password” without straining your creative brain cells.

Punctuate … creatively

Passwords should be complex.  We should include a combination of letters, upper and lower case, numbers and special characters.  If you’re using a phrase, you can meet many of these requirements by simply punctuating (creatively) and replacing a common letter with a number.

For example:

Phrase: I hate passwords

Passphrase: I.Hate.Passw0rds!

(password provided for example purposes only.  It’s not my gmail password.  Really.)

Note: Some passwords allow spaces, others don’t.  You may have to be flexible with the rules to meet the criteria for any given system.

Use a password manager

Every system should have a unique password.  That way if there’s a breach it’s limited to that one system.  Using slight variations (adding a 1) does not count as unique.

Unfortunately, when you start using unique passwords you quickly realize how many passwords you need to remember.  Between work and home, you could have hundreds.

Enter the password manager.  A password manager is a system designed to create really good, unique passwords for each system you use.  It stores them in an encrypted database and keeps them synchronized between your systems and devices.

There are a number of great systems out there.  Here are a few comparisons of some of the top password managers:

Note: before using a password manager at work, speak to your IT department to make sure it doesn’t violate your IT security policies.
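
The rules above (12+ characters, nothing from the worst-password list, and no slight variations between systems) can be checked mechanically. The following is an added example, not from the original article; the function names, the edit-distance threshold of 2 and the sample word list are assumptions.

```python
import re

# Constructed sample: the worst-password entries named in the article.
WORST = {"123456", "password", "qwerty", "starwars", "123123"}
MIN_LENGTH = 12  # the article's "12+ character" passphrase target

def core(password):
    """Lowercase and strip leading/trailing digits and punctuation,
    so 'Summer.Rain1' and 'summer.rain!' compare as the same secret."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[len(b)]

def check_password(candidate, in_use=()):
    """Return the list of rules the candidate breaks (empty = passes).

    in_use: the user's other passwords, e.g. as held locally by a
    password manager (hypothetical input, never stored server-side).
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if candidate.lower() in WORST or core(candidate) in WORST:
        problems.append("on worst-password list")
    for other in in_use:
        if candidate == other:
            problems.append("reused")
            break
        # "Adding a 1" style changes: same core, or only a couple of edits.
        if core(candidate) == core(other) or edit_distance(candidate, other) <= 2:
            problems.append("slight variation of a password already in use")
            break
    return problems
```
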

For business: next steps

The next steps for every business should include:

Once this is in place, we strongly recommend implementing two-factor authentication on major systems, like your email system.  It’s built in to Google Apps and Office 365, so why not take advantage?  We’ll talk about that in an upcoming article.

For personal: next steps

Install a password manager and start updating your weak passwords with strong ones.  It’s probably been a long time since you changed your passwords anyhow!
