Time to get better at passwords
Mark Lomas
Cloud Solutions Architect & Digital Workforce Empowerment Specialist | Volunteer | Tech enthusiast | ?????|
Quick, how many passwords are stored in your browser?
Not sure? You're probably not alone. Not that it's necessarily a problem, our web browsers often helpfully ask us if we would like them to 'remember' our passwords. It's certainly a lot better than having to remember them yourself or write them down, right?
Ahh yes, but still - how many? Why does this matter? Well because the answer might surprise you - especially if you've had your computer a long time. I've only had my current machine 7 months and already the browser has about 30 saved passwords.
Now, how about the next question, how many of those saved passwords are the same? If you're anything like 'most people', then the answer is probably somewhere in the general region of 'most of them'.
It's an interesting experiment - go find wherever your browser stores your logins and passwords, have a look at how many there are, and then ask yourself - how many are the same.
The reason I pose this question is to highlight the danger of poor password policies. We might not consciously think about just how many services, apps and websites where logins are required, but it's usually quite a lot. Both in our personal and business lives, logins are everywhere. Reusing the same password again and again for different websites might be convenient for our memory, but it's also very dangerous.
If a password for one website is discovered, then a whole raft of different logins could be compromised. That's especially serious if any of the logins are for websites where you have business data stored.
There are solutions. Turning on two-factor authentication wherever possible will help a lot. However, having a good approach to passwords would always still be vitally important.
This is where a good password manager can help. Password managers help generate highly secure passwords, and then store them all securely. So, you can use complex passwords, without having to remember them, and have a unique one for every service.
For a business, a fully featured password manager should allow you to enforce good password habits, by validating that people aren't reusing passwords, or using insecure ones. Gaining a reporting insight into how secure the passwords are for your organisation can be extremely useful for ensuring that everyone is doing their bit for security.
Passwords can be a weak-link in security, and left to their own devices, allowing people to carry on using 'Password123' for all the websites they need to access for their job can hurt your chances of getting -and staying- secure. So, as part of your cyber-security strategy, don't forget the basics; get better at passwords.