Who Loves Passwords? Nobody.
Matthew Rosenquist
CISO at Mercury Risk. - Formerly Intel Corp, Cybersecurity Strategist, Board Advisor, Keynote Speaker, 190k followers
No one likes passwords, but the reality is we need some form of identification and authentication to protect our digital reputation and information as well as facilitate customized online experiences. As we celebrate World Password Day 2016, it is time to make passwords both strong and easy to use.
Another year passes by and passwords still remain. At some point, someone told you passwords were going away. They lied. Passwords are here to stay, in one shape or another. Although unwieldy, they are still the most prevalent means to validate a user.
The key to reducing the frustration is to streamline their use while still benefiting from the protection they provide. But there is an inherent conundrum: if you don’t use them correctly, they don’t provide much protection. If you do use them properly, they are horribly difficult to manage and slow down our digital experiences.
I may be an anomaly, but my login accounts now number well over one hundred. Most I use only sporadically, but I do need them. As a security advocate, I know better than to reuse passwords or simply increment them; that would be insecure. To be honest, I don’t have much trust in some of the domains I sign up for. I suspect some admins might take a peek at users’ credentials, or even worse, their security practices are insufficient and my password may eventually be breached by a malicious hacker. Either way, I expect several of my passwords to be exposed eventually. Attackers then like to try those passwords on other accounts and look for easy patterns that the victim might be using for convenience. If the attackers figure it out, it is bad news. Like dominoes falling, your accounts too will tumble into the hands of attackers. They can log in, steal your data, and impersonate you if they wish. The damage can be serious enough that anyone would regret employing simple shortcuts to save time.
Don’t despair, there is hope. It is time to take the sting out of password management.
Passwords are only protective if you use them correctly, but they don’t have to be hard to live with. Get organized, let technology do the work for you, and follow these 4 simple rules:
- Use strong passwords or, even better, a passphrase.
Passwords are useless if they can be guessed or easily succumb to brute-force attacks, so make them challenging. When in doubt, change them. Top web services look for suspicious patterns of activity and will notify users of a possible account breach. Don’t ignore these warnings! Change your password immediately by opening a new browser window and navigating to the site yourself (never click on links in emails to do this).
- Make them unique.
Never reuse the same password across different sites; that makes it simple for attackers to compromise your entire digital life. Furthermore, don’t make simple increments when changing passwords. Moving from Password1 to Password2 is just asking for trouble.
- Use a password manager.
Retire the post-it notes and the spreadsheet file. Using a reputable password manager is a huge time saver and actually adds more security to the mix. Integrated password managers can automatically log users into websites and applications, which is tremendously convenient. They make it practical to use insanely strong and unique passwords, and they make dreaded expiration notices a snap to deal with. No more squinting at obscure hieroglyphs to type in your secret code: password managers can generate ridiculously complex passwords that you never need to type. They handle the brunt of the work. There are secure solutions out there that help take the pain out of the process, like True Key by Intel Security.
- Biometrics and multifactor authentication are better!
Biometrics can greatly reduce the frustration of logging in. Fingerprint readers on phones and facial recognition on PCs speed up access. Systems are also emerging that detect when you walk away and lock the device; next-generation solutions will take it a step further and unlock it automatically as you return. Multifactor authentication should be employed in high-value situations, so that if your password is compromised, the attacker still needs another form of authentication to proceed. This thwarts all but the most elite attacks and is well worth the extra effort for financial accounts and very private communications.
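The first two rules, a strong passphrase and no reuse or simple increments, are easy to check in code. The following Python script is an added example written for this page, not code from the article or from any product it mentions: it generates a passphrase with the operating system's secure random source, estimates the entropy of passphrases and passwords, and rejects a replacement password that merely reuses or increments the previous one (Password1 to Password2). The word list, the hypothetical rotation_problems policy and its 60-bit minimum are constructed values, not anything the article specifies.

```python
import math
import secrets
import string

# Constructed sample word list (hypothetical). A real generator would draw from a
# published diceware-style list of several thousand words.
WORDS = [
    "anchor", "basket", "copper", "dragon", "ember", "falcon", "garnet", "harbor",
    "island", "jungle", "kettle", "lantern", "meadow", "nickel", "orchid", "pepper",
    "quartz", "ripple", "saddle", "timber", "umbrella", "velvet", "walnut", "yonder",
]


def generate_passphrase(words=WORDS, n_words=5, sep="-"):
    """Build a passphrase from n_words chosen uniformly with the OS CSPRNG.

    secrets.choice is used instead of random.choice: the random module is
    deterministically seeded and is not suitable for secrets.
    """
    return sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_entropy_bits(n_words, list_size):
    """Entropy of a passphrase of n_words drawn uniformly from list_size words."""
    return n_words * math.log2(list_size)


def password_entropy_bits(password):
    """Crude upper bound on a password's entropy from length and character classes.

    This treats every character as uniformly random, so it overestimates
    dictionary-based passwords such as Password1. Use it to reject obviously
    short or single-class passwords, not to certify strong ones.
    """
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def _stem(password):
    """Lowercased password with any trailing digits and symbols removed."""
    return password.rstrip(string.digits + string.punctuation).lower()


def is_simple_increment(old, new):
    """True when new is old with only a trailing counter or symbol changed
    (Password1 -> Password2, Password -> Password1!, password2 -> PASSWORD3)."""
    if old.lower() == new.lower():
        return False  # identical passwords are reuse, not an increment
    stem = _stem(old)
    return bool(stem) and stem == _stem(new)


def rotation_problems(old, new, min_bits=60.0):
    """Reasons to reject new as the replacement for old; an empty list means accept.

    The 60-bit floor is an assumed policy value chosen for this example.
    """
    problems = []
    if old.lower() == new.lower():
        problems.append("reuse")
    elif is_simple_increment(old, new):
        problems.append("simple increment")
    if password_entropy_bits(new) < min_bits:
        problems.append("too weak")
    return problems


if __name__ == "__main__":
    phrase = generate_passphrase()
    print(f"generated passphrase: {phrase}")
    print(f"entropy of 5 words from the {len(WORDS)}-word sample list: "
          f"{passphrase_entropy_bits(5, len(WORDS)):.1f} bits")
    print(f"entropy of 5 words from a 7776-word list: "
          f"{passphrase_entropy_bits(5, 7776):.1f} bits")
    for old, new in [("Password1", "Password2"), ("Password1", "Password1"),
                     ("Password1", phrase)]:
        print(f"{old!r} -> {new!r}: {rotation_problems(old, new) or 'accepted'}")
```

The entropy figures show why the tiny sample list is for illustration only: five words from 24 give about 23 bits, while five from a 7,776-word list give about 65 bits, comparable to a long random password but far easier to remember. The rotation check catches exactly the Password1 to Password2 habit the article warns against, including case changes and an added trailing symbol.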
Passwords don’t have to be hard to live with. Get organized and let technology do the work for you. Passwords aren’t going away anytime soon. Reduce the loathing and inconvenience while maintaining good security. Remain vigilant and your passwords can save you from your worst digital day.
Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity. Also be sure to visit the Intel Security blog for the latest security news.
Analytics and AI Country Leader for Canada and North America Insurance, Tableau a Salesforce company
8 years ago: You should definitely check out usher: https://usher.com/us
Frontline Help desk at Dynamic Edge, Inc
8 years ago: I would think in a corporate environment that the best implementation would be a RFID login-based system. You still have a password, but it's 128+ characters long, random, and can be encoded to a RFID tag that you swipe at a terminal to login. Is it expensive to implement? Very much so. How costly are security breaches if (and when) they happen? It's a choice one must weigh.