Password Overload


We all have password overload these days. At this point, let’s hope we all know passwords shouldn’t be “1234” or “password1”. Most password-protected sites don’t let us do this anymore, thankfully. Your network shouldn’t either. We should also know that using the same password for everything is not a good idea. But it really is a pain in the ass (PITA) with so many passwords needed for so many different things.

When it comes to employees, we need to get strong password creation and behavior into a written policy that is enforced. When things are already a PITA, we can tend to slack when it comes to work matters. I bet most people’s bank password is stronger than any work passwords, unless a policy is well understood and accepted.

The fact is there are easily obtainable tools out there that can be used to crack passwords. Even passwords that are considered strong because they use symbols, letters, and numbers can be cracked in a matter of hours. There are arguments about whether length or complexity matters more, but take both into account.

Also consider where you are using your passwords and how risky the place is where they are being stored. Yahoo (hacked), iCloud (hacked): sites like that are all huge targets for hackers. Is your Yahoo password the same as your bank password? That’s why you need to use different passwords for different places. Is your password for a random site with no important data (and therefore no real security) the same as your work password? Limit your exposure.

Some tips:

  • Use different passwords for different places. As much of a pain as that sounds, just do it.
  • The longer the better. At least 15 characters is a good rule of thumb.
  • Use a sentence including proper spacing, grammar and punctuation. Have it be a line from a song, book, or poem, or better yet something specific to your life.
  • Make it even stronger and create a formula for it like: “I graduated from Princeton in 2012 but really wanted to go to Harvard.” Take that sentence and turn it into “iGfromPin2012brwtgtHarvard.”
  • Come up with your own clever formula that works for you and use it across all platforms. But be very creative; hackers know commonly used tricks. You may not be as clever as you think.
  • Consider using a password manager like LastPass or Dashlane, but understand that they are big targets as well. They definitely help with the overload, though.

Businesses! Make strong passwords a part of your corporate policy!

   

Jyotin Gambhir

Entrepreneur | Founder @SecureFLO | Technologist |Cybersecurity SME| Listener| Investor

1 year ago

Mike, thanks for sharing!


Sound advice! If your corporate policy allows, there's definitely merit in tools like Firefox's password checker and LastPass that can check for weak, repeat, etc. passwords. Also, there're several free services that check to see whether email+pwd password combinations have been compromised.

Jen Santoro Cleveland, PCC

Director of The Citadel Career Center

5 years ago

I've been wondering about these questions. Thank you so much for answering!

Bryan Biddle

Donor Retention Specialist - Reducing donor churn and increasing donor retention

5 years ago

You answered my questions at the end. I've considered a password manager, but figured they'd be a BIG target.
