Password Hygiene
Scott Huxley
Driving Business Value by Reducing Technical Debt | LinkedIn Humorist
Thanks to COVID-19 we are all very familiar with the reminders to wash our hands. But what does our password hygiene look like? Firstly - what is password hygiene?
Password hygiene refers to the degree to which a user's passwords are selected and managed according to security best practices.
Well, if poor passwords led to some kind of serious disease, we would all be dead by now. Let's take a look at the much-maligned concept of passwords and see if we can identify some answers.
The first computer password dates to 1961 at MIT. Because the system had multiple users, it was deemed necessary to allow each of them access to terminals, and providing passwords to those users was deemed the most appropriate solution.
Below is Fernando Corbató in 1961, widely acknowledged as the creator of the computer password.
To give you an idea of how long ago that actually was, it just happened to be the same year the Berlin Wall was built! Indeed, Crying by Roy Orbison was number 4 on the Billboard Charts that year. So, why are we still crying over passwords?
The Problem With Passwords
Obviously, the first problem is that we are all human, right? To begin with we only needed to remember a few passwords, but as more and more business and personal applications required passwords, we needed a plan. The plan was simple: we are all busy people, so we need something simple to remember. Ideally, we use the same password wherever possible so that we remember it. The problem? Well, criminals are always one step ahead of us, and with passwords being the key to the castle, or to your email, they want them too. According to a 2018 report, 50% of people re-use the same password!
The Risk For Your Business
When your employees re-use passwords or use easy-to-guess passwords, you become vulnerable. This vulnerability can spread to your email, connections to the organization, your financial information, and more. Yet it remains a risk most businesses choose to ignore or simply do not educate themselves on.
How Do Criminals Obtain My Passwords?
That question is a pretty simple one to answer: through the many data breaches that happen, it seems, monthly, on websites that expose our data. A quick look at the website Have I Been Pwned will tell you everything you need to know. Criminals collect that data or purchase it via the dark web and then use it against us. They know there is a very good chance that if they find your password you probably used it somewhere else - at that point, they launch automated tools to test that theory out. In most cases, they are eventually successful.
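One defensive use of breach data is to screen a password at the moment an employee sets it. The following is an added example, not part of the original article: it follows the hash-prefix range lookup model that Have I Been Pwned's Pwned Passwords service uses, with a constructed sample corpus, made-up counts and hypothetical function names so that it runs offline.

```python
import hashlib

# Constructed sample standing in for a breach corpus; counts are made up.
# A real deployment would pass a function that queries a breached-password service.
SAMPLE_BREACHED = {"password": 1000, "123456": 2500, "qwerty": 800, "Summer2020!": 12}


def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest. Used only as a lookup key, never for storage."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def sample_range_lookup(prefix: str) -> str:
    """Offline stand-in for a range query: 'SUFFIX:COUNT' lines for every
    corpus hash that starts with the 5-character prefix."""
    lines = []
    for pw, count in SAMPLE_BREACHED.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def breach_count(password: str, range_lookup=sample_range_lookup) -> int:
    """How often the password appears in the corpus (0 if absent).
    Only the first 5 hash characters go to range_lookup; the remaining 35 are
    compared locally, so neither the password nor its full hash is disclosed."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            # A matching suffix with an unreadable count still means "breached".
            return int(count) if count.isdigit() else 1
    return 0


def screen_new_password(password: str, max_seen: int = 0) -> bool:
    """Policy check at password-set time: accept only if the password has been
    seen in breaches no more than max_seen times."""
    return breach_count(password) <= max_seen


if __name__ == "__main__":
    for candidate in ("password", "Summer2020!", "correct horse battery staple"):
        verdict = "accept" if screen_new_password(candidate) else "reject"
        print(f"{candidate!r}: seen {breach_count(candidate)} times -> {verdict}")
```

A password that looks complex, such as the constructed "Summer2020!", is still rejected once it appears in the corpus, which is the reuse risk the paragraph above describes.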
Help Your Employees
Part of your technology strategy should be some form of password management, with so many applications requiring complex passwords or some form of two-factor authentication. If you are not sure what two-factor authentication is, then I recommend you at least familiarize yourself with the basics. We need to be able to help our employees; by doing so we are also protecting our business at the same time. Implement a password management system in your business. Many great tools are available, such as LastPass and 1Password, to name a few.
What is appropriate for your organization only your internal team or outsourced provider can understand. Having a plan and strategy in place for your organization is much better than hoping that a technology innovation from 1961 will protect your business in 2020.
Scott Huxley is the Chief Operating Officer of Syscom Business Technologies - since 1978 serving Detroit, Grand Rapids, and Northern Michigan. Empowering businesses to become more profitable leveraging technology.
Scott is an author, speaker, and valuable contributor to the Michigan CPA community.